6th July 2021, Kathmandu
200 businesses in the US have been hit by ransomware, said an IT firm Kaseya in Miami Cybersecurity company Huntress Labs on Friday.
Kaseya was hijacked by an unusually sophisticated ransomware attack that hit hundreds of American businesses. It’s a Miami-based supplier and widely used technology management software.
“It is investigating a potential attack on a widely used tool to reach into corporate networks across the United States.” Kaseya, in a statement posted on its own website.
The attackers changed a Kaseya tool called VSA. It’s used by companies that manage technology at smaller businesses. Then they encrypt the files of those providers’ customers simultaneously. The tool is used to monitor and manage servers, desktops, network devices, and printers.
They shut down some of its infrastructures in response and asked customers that used VSA on their premises to turn off their servers immediately.
Huntress senior security researcher John Hammond said in an email, “This is a colossal and devastating supply chain attack,.” He referred to an increasingly high-profile hacker technique of hijacking one piece of software to compromise hundreds or thousands of users at a time.
“It has the potential to spread to any size or scale business,” Hammond added that because Kaseya is plugged into everything from large enterprises to small companies. Experts said many managed service providers use VSA, although their customers may not realize it.
Clients had been hit before they could get a warning to them, said some employees at service providers on discussion boards.
It’s believed the Russia-linked REvil ransomware gang was to blame for the latest ransomware outbreak. The FBI blamed the same group of actors for paralyzing meatpacker JBS (JBSS3.SA) last month.
DEMANDS FOR RANSOM
Ransom demands accompanying the encryption ranged from a few thousand dollars to $5 million or more, as mentioned by a private security executive working on the response effort.
The corruption of an update process shows a marked growth in strength from most ransomware attacks. This attack takes advantage of security loopholes such as common passwords without two-factor authentication.
An email was sent to the hackers regarding the attack, which wasn’t responded immediately. It was taking action to understand and address the recent supply-chain ransomware attack against Kaseya’s VSA product. It was in a statement said by the U.S. Cybersecurity and Infrastructure Security Agency.
Recently, supply chain attacks stay on the top of the cybersecurity agenda. The United States indicated the Russian government’s operating hackers. Also mentioned, they tampered with a network monitoring tool built by Texas software firm SolarWinds.
Even though Kaseya has 40,000 customers, not all use its products.
“The US will retaliate,” Joe Biden warned that. If the US finds out Russia was behind the mass cyberattack that hit at least 1,000 American firms in the run-up to July 4 weekend.
Why Ransomware Attacks Are on the Rise
Ransomware becomes an increasingly severe and pervasive problem. Ransomware is a practice hackers used to lock up computer systems and demand payment from victims for their release.
Data on ransomware varies widely, and estimates are difficult to make because many attacks are never made public or reported. However, the problem is rapidly getting worst.
Hackers are now shifting their target attacks from data-rich companies to providers of key public needs such as hospitals, transportation, and food.
There are at least 4 main factors:
1. Cyber failures by the victim:
Victims continue to make cybersecurity mistakes like clicking on phishing links or failing to keep company software updated. For instance, the Colonial Pipeline hack caused a severe gasoline shortage; the hackers used a VPN profile to log in that lacked two-factor authentication. They paid millions of dollars to get their system back up and running.
2. Ransomware has become more lucrative:
The sophisticated use of technology to hold businesses and whole cities hostage for profit is a challenge. Cryptocurrency is no longer the only reason for these attacks. They also use double-extortion tactics to steal sensitive data from victims before encrypting and threaten to publish that information if they refused to pay.
3. Ransomware as-a-service:
Hacking groups have reinvented the process through which criminal networks extort victims. Ransomware as-a-service is a practice in which hacking networks can sell at least their ransomware software to other criminal groups to carry out attacks. Then they share the proceeds with the hackers who developed it. For instance, Darkside, who hacked the pipeline, works this way.
4. The Russia Factor:
According to US officials and cybersecurity researchers, most of these hacks are coming from Russia and Eastern Europe. Security experts say the line between criminal hacking groups and state-backed cyber operations can be murky as governments often tolerate it as long as it is targeted overseas. They sometimes even recruit those hacker groups to carry out their own objectives.
To minimize these attacks, basic steps need to be taken, such as running up-to-date software and using multifactor authentication. The best practice is to ensure cybersecurity awareness among business management and business leaders. And take rational decisions based on which ransomware attacks are seen as a top-priority risk. Install firewalls or products that detect unusual activities. Make sure to ensure cybersecurity requirements across critical infrastructure sectors.
To minimize these attacks, basic steps need to be taken, such as running up-to-date software and using multifactor authentication. The best practice is to ensure cybersecurity awareness among business management and business leaders. And take rational decisions based on which ransomware attacks are seen as a top-priority risk. Install firewalls or products that detect unusual activities. Make sure to ensure cybersecurity requirements across critical infrastructure sectors.
