EXPLAINER: Ransomware and its role in supply chain attacks

Another weekend of holiday celebrations in the USA, and another ransomware attack has crippled businesses all over the globe.

It's affecting a large number of small and large companies that use IT software from Kaseya.

Ransomware attacks that targeted the largest U.S.-based fuel pipeline and the largest meat-packing business in the world were high-profile.

WHAT IS RANSOMWARE? HOW DOES IT WORK?

Ransomware encrypts the data of the targeted organization. Once the criminals have been paid, they provide decryption keys that unlock those files.

Ransomware crooks have also expanded to data-theft blackmail. They may steal sensitive files before triggering encryption. If they don't get the ransom, they threaten to publish the files.

WHAT'S A SUPPLY-CHAIN ATTACK?

Kaseya customers were the latest victims of an attack that combined ransomware with what is known as a supply-chain attack. This typically involves inserting malicious code into software updates that are automatically distributed to thousands of organisations.

Kaseya says the ransomware affected its product for remotely monitoring networks. However, many of its clients provide broader IT management services, so it is possible that many organizations will be affected.

John Hammond of security firm Huntress Labs stated that this attack stands out because of its trickle-down effect, from the managed service provider down to the small business. Kaseya handles large enterprises as well as small businesses worldwide, so the attack can eventually spread to businesses of any size or scale.

The most recent well-known supply-chain attack was perpetrated by elite Russian hackers and targeted software provider SolarWinds. The motive behind that attack was not extortion; it was an intelligence operation that targeted government agencies.

HOW DO RANSOMWARE GANGS WORK?

Russian-speaking criminal syndicates dominate ransomware and operate out of Russia and allied countries with near impunity. The sophistication and skill of the syndicates have increased since 2003, when they were barely noticed. They use dark web forums to recruit and organize while concealing their identities with sophisticated tools and cryptocurrencies such as Bitcoin, which make payments and their laundering harder to trace.

Experts believe that the Kaseya attack was linked to REvil, the same ransomware group that the FBI linked with an attack on JBS SA (a major global meat processor) during the Memorial Day holiday weekend.

The group has been active since April 2019 and provides ransomware-as-a-service. This means it creates and leases ransomware to its affiliates, who infect targets and earn the largest share of ransoms.

WHO IS AFFECTED?

Although the extent of the Kaseya attack is still unknown, it has been reported that several grocery chains in Sweden closed due to cash register problems.

According to Emsisoft, ransomware gangs hit over 100 federal, state, and municipal agencies in the United States last year alone. They also targeted more than 500 health care centers and 1,680 educational institutions. Dollar losses amount to tens or hundreds of billions. Exact numbers are difficult to find, because many victims avoid reporting for fear of the reputational consequences.