A Swedish grocery chain. A South Carolina outpatient surgical center. A mid-size Florida law firm.
According to Huntress Labs, a massive cyberattack that occurred just in time for the US July Fourth holiday weekend has locked down the IT systems of over 1000 businesses around the globe. Experts believe that the ransomware attack could be the most severe ever.
Globally, the Kaseya breach is spreading
It all began with Kaseya, a Miami-based IT service company that provides security software to large-scale cybersecurity contractors. These contractors then sell their services to thousands of businesses around the world. Hackers gained access to at least 40 cybersecurity contractor systems after they breached Kaseya's servers on Friday, July 2. They infected hundreds more businesses with ransomware over the weekend.
Infected companies' data was encrypted, locking them out of their IT systems. In exchange for a key that would let them decrypt their data, the hackers demanded ransoms of $5 million from smaller businesses and $50,000 from larger companies.
Although most of the companies affected were located in the US, cyber chaos spread across the globe. Coop, a Swedish grocery chain, had to close 500 stores on Saturday (3 July) after hackers took out its cash registers. Coop was able to reopen some of its stores by asking customers to use the scan & pay app on smartphones to pay for groceries.
REvil could be responsible for the Kaseya attack
Cybersecurity experts quickly attributed the attack to Russia-based hacking group REvil. This was the same gang that shut down JBS in June, the largest meat seller in the world, and extorted $11 million from the Brazilian company.
REvil is just one of many ransomware gangs that operate out of Russia. Authorities in Russia tend to ignore hackers because the hackers focus their plundering on geopolitical rivals. In June, US president Joe Biden urged Vladimir Putin, his Russian counterpart, to take action against cybercriminals. He warned that the US would respond if Russia didn't do anything to stop them.
Biden ordered an investigation into the Kaseya attack but did not directly blame Russia or REvil. According to Reuters, the initial thought was that it wasn't the Russian government, but they weren't sure. He stated on July 3 that he believed he was correct. If it turned out to be either with the knowledge of Russia or a result of it, he said, he had told Putin that the US would respond.
Ransomware attacks are increasing
This weekend's hack is part of a new wave of ransomware attacks. The most notable example was the May shutdown of Colonial Pipeline, which caused fuel shortages along the east coast of the US. The attacks have increased during the pandemic as criminals attacked hospitals and other critical infrastructure. According to Bitdefender, ransomware attacks increased by 715 percent year-over-year in 2020.
Ransom payments to cyber criminals have been a topic of renewed debate following the recent hacking attacks. Cybersecurity experts and law enforcement officials warn that ransom payments of multi-millions of dollars have accelerated hacking gangs' growth and incentivized criminals to join the field looking for big rewards. Insurance companies offering cyber policies have seen their premiums rise sharply in the past year due to increased costs from ransom payments.