Last Updated: January 18, 2022
Hours before the Fourth of July weekend started, a ransomware attack was conducted on IT company Kaseya. Although the attack only affected around 40 clients, it spread to other large IT companies collaborating with Kaseya. These companies offer their services to thousands of small businesses, bringing the attack to a whole new level, with some even calling it “the largest ransomware attack ever.”
The culprit, Russian hacker group REvil, locked the victims’ computers and initially asked for $45,000 from every victim as ransom. However, they later changed their price to $70 million in Bitcoin in total, Yahoo reports. According to the group, more than 1 million devices are affected. If their demands are met, REvil will publish a decryptor key that will unfreeze the system for all the victims.
It seems that ransomware attacks are becoming a regular thing in the US. Just a month ago, Russian hacking group DarkSide temporarily shut down nine JBS meat plants, pushing beef prices upwards. The same group halted the largest US fuel pipeline just over two months ago. The situation is alarming, as recent estimates say that a business will fall victim to ransomware every 11 seconds this year.
Although ransomware attacks usually threaten their victims with data leaks which could later result in issues such as identity theft (which is why dedicated protection services are a good idea), this one seems to only focus on locking its victims out of the system.
When asked about the attack, President Biden responded that he has “directed the full resources” of the government towards settling the issue.
Real Number of Victims Impossible to Guess
Although REvil claims that it blocked access to over 1 million devices, the real number isn’t easy to estimate. At the moment, there is no database of all the affected individuals. However, given how these businesses are connected to one another, the 1 million number is plausible.
According to Huntress—the cybersecurity company handling the hack—over 1,000 businesses have been affected, and the number keeps growing as more victims come forward.
Coop, a Swedish grocery chain, had to close around 800 of its stores on Saturday because one of Kaseya’s clients controls its cash registers. Other victims include an educational services company from New Jersey, a mid-size law firm in Florida, and an outpatient surgical center in South Carolina.
Conducting a cyberattack right before a long weekend holiday is a common tactic among hackers, as it leaves a smaller team to defend against the attack. How REvil managed to hack Kaseya is still unknown, but the tried-and-true tactic worked in the hackers’ favor, as the companies are still struggling to regain access to the system well after the weekend has passed.