Biden Launches Federal Probe Into Global Ransomware Attack

Photo by Mandel Ngan (Getty Images)

President Joe Biden told reporters that U.S. intelligence agencies have been ordered to investigate the ransomware attack that ensnared over 1,000 companies around the world. He made this announcement on Saturday, as he was traveling to Michigan to promote his infrastructure plan.

The Record reports that hackers took control of a popular management software program from Kaseya, an international IT company, to distribute a malicious update that would allow their malware to spread to other companies around the globe. This is expected to be the biggest ransomware attack in history.

Biden stated that they aren't sure who was behind Friday's attack. He said that although it was initially believed that it wasn't the Russian government, they are not certain.

According to security firm Huntress Labs, the culprit is believed to be REvil, a cybercriminal group known for targeting high-profile targets like Apple and Acer. The group is also suspected to have been behind the successful attack last month on JBS, the largest meat processing company in the world, that demanded an $11 million ransom.

After discovering a security breach involving VSA software, Kaseya urged customers to immediately shut down their VSA servers. Kaseya uses the VSA cloud platform to manage software updates and send them to client devices, i.e. managed service providers (MSPs) that provide remote IT services to small businesses that are not able to perform those processes in-house.

Although the exact details and scope of this attack are still unknown, security experts believe that the hackers used Kaseya's VSA product as a way to spread malware and decrypt files from those customers. Fred Voccola, Kaseya CEO, stated in an update Friday that the company believed it had found the source of the vulnerability.
He also said that the company plans to release a patch as soon as possible to help customers who are affected.

However, given how many of these customers are likely MSPs, it could mean that hundreds of smaller businesses that depend on their services are at risk. Huntress, which has been publicly tracking the attack via Reddit, stated that it had identified more than 1000 businesses whose servers or workstations were compromised by the attack. According to the New York Times, Coop, a Sweden-based retailer, was one of the victims. It shut down 800 stores in the country over the weekend, after its systems were taken offline. John Hammond, a senior security researcher at Huntress, told the New York Times that hackers demanded a $5 million ransom from certain companies.

In a statement to Reuters, Hammond said that this was a devastating and colossal supply chain attack. Cybercriminals are increasingly turning to supply chain attacks as a way to infect hundreds, or even thousands, of computers simultaneously. SolarWinds hackers used an identical scheme to infect network management software that is used by many major U.S. federal government agencies and corporations.

The company posted an update to Kaseya's blog Sunday morning. It stated that it is working with both the FBI and the Cybersecurity and Infrastructure Security Agency in order to resolve the situation and help affected customers.

The company stated that they are currently preparing a staged return of service for our [software-as-a-service] server farms. This will include restricted functionality and a stronger security posture. It is expected to be completed in the next 24-48 hours, but it could change.
The next communication will contain more information about the restrictions, changes in security posture and the timeframe.

Kaseya said that it had provided a new compromise detection tool to almost 900 customers, and is currently developing a private download site to allow access to even more customers.