The Russian ransomware gang behind the REvil attack on Kaseya over the weekend is demanding $70 million in ransom. The attack encrypted thousands of computers at more than 1,000 organizations.
REvil Gang Exploits Zero-Day in Kaseya VSA
On Sunday (the attack itself began on Friday, July 2, as the gang's own statement below notes), the Dutch Institute for Vulnerability Disclosure (DIVD) issued an alert that the REvil ransomware group was exploiting a zero-day vulnerability in Kaseya's VSA software, tracked as CVE-2021-30116, to deploy ransomware through it. DIVD attributed the exploitation to the notorious Russian cybercriminals.
As for the scope of the damage, at least 1,000 companies have been hit by the large-scale infection. The affected organizations are spread across at least 17 countries, including Kenya, Mexico, Argentina, South Africa, the UK, New Zealand, Indonesia, and Canada.
Because Kaseya VSA is the remote management tool that managed service providers (MSPs) use to administer their customers' systems, compromising it let the attackers push ransomware downstream to the MSPs' own clients.
REvil Group Wants $70 Million Ransom From the Victims
Every ransomware operation ends in a ransom demand, and this one is no exception: over the weekend, the gang behind REvil asked for $70 million in exchange for a universal decryptor that would unlock every compromised system.
"On Friday (02.07.2021) we launched an attack on MSP providers. More than a million systems were infected. If anyone wants to negotiate about universal decryptor - our price is 70,000,000$ in BTC and we will publish publicly decryptor that decrypts files of all victims, so everyone will be able to recover from attack in less than an hour," the REvil group published on its "Happy Blog" site.
Kaseya said it would apply the patch to its VSA servers before bringing service back online, with the fix scheduled for July 5.
CISA Encourages Customers to Use Compromise Detection Tool
As The Hacker News reports, organizations that run Kaseya VSA have a way to check whether they were affected. In its public advisory, the US Cybersecurity and Infrastructure Security Agency (CISA) urged MSPs and their customers to run Kaseya's Compromise Detection Tool.
The tool scans a VSA server or a managed endpoint for indicators of compromise from this attack. The same advisory also recommends enabling multi-factor authentication on every account the organization controls, restricting communication with remote monitoring and management (RMM) tools to known IP address pairs through allowlisting, and placing RMM administrative interfaces behind a VPN or a firewall on a dedicated administrative network.
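The allowlisting recommendation above is easy to check against existing logs. The following Python script is an added illustration, not Kaseya's detection tool and not code from the original article: it parses constructed Combined Log Format access-log lines, treats a couple of hypothetical URL prefixes as the RMM's administrative interface, and flags any administrative request whose client address falls outside the allowlisted networks (both IPv4 and IPv6 are handled, and unparsable lines are skipped). The networks, path prefixes and log lines are all assumptions made for the example.

```python
import ipaddress
import re

# Networks permitted to reach the RMM admin interface. Constructed for this
# example: a VPN client pool and one static office address. A real deployment
# would load these from configuration.
ALLOWED_NETWORKS = [
    ipaddress.ip_network("10.8.0.0/16"),      # VPN client pool
    ipaddress.ip_network("203.0.113.10/32"),  # MSP office egress address
]

# URL prefixes treated as administrative. Hypothetical: the real VSA URL
# layout is not described in the article.
ADMIN_PATH_PREFIXES = ("/admin", "/api/")

# Combined Log Format: client IP, ident, user, [timestamp], "METHOD path proto", status ...
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_line(line):
    """Return the fields of one access-log line, or None if it does not parse."""
    m = LOG_LINE.match(line)
    return m.groupdict() if m else None


def is_allowed(ip_str):
    """True if ip_str is a valid IPv4/IPv6 address inside an allowlisted network."""
    try:
        ip = ipaddress.ip_address(ip_str)
    except ValueError:
        return False  # unparsable client field: treat as not allowlisted
    # Membership across IP versions is simply False, so mixed lists are safe.
    return any(ip in net for net in ALLOWED_NETWORKS)


def find_violations(lines):
    """Return (ip, path, status) for each admin request from a non-allowlisted address.

    Unparsable lines are skipped; non-admin paths are ignored regardless of source.
    """
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or not rec["path"].startswith(ADMIN_PATH_PREFIXES):
            continue
        if not is_allowed(rec["ip"]):
            hits.append((rec["ip"], rec["path"], int(rec["status"])))
    return hits


# Constructed sample log lines (documentation addresses from RFC 5737 / RFC 3849).
SAMPLE_LOG = [
    '10.8.4.21 - - [02/Jul/2021:14:03:11 +0000] "GET /admin/dashboard HTTP/1.1" 200 512',
    '198.51.100.77 - - [02/Jul/2021:14:05:42 +0000] "POST /api/authenticate HTTP/1.1" 200 88',
    '198.51.100.77 - - [02/Jul/2021:14:05:43 +0000] "GET /help HTTP/1.1" 200 301',
    '203.0.113.10 - - [02/Jul/2021:14:10:00 +0000] "GET /admin/agents HTTP/1.1" 200 1024',
    '2001:db8::1 - - [02/Jul/2021:14:12:09 +0000] "GET /admin/users HTTP/1.1" 200 640',
    'this line is not an access-log record',
]

if __name__ == "__main__":
    for ip, path, status in find_violations(SAMPLE_LOG):
        print(f"ALERT: admin request {path} from non-allowlisted {ip} (HTTP {status})")
```

Run against the sample, the script reports the two administrative requests that did not come from the VPN pool or the office address; the request to /help from the outside address is ignored because only the administrative interface is subject to the allowlist. A successful (HTTP 200) login from outside the allowlist is exactly the kind of record that would warrant running the detection tool on that server.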
In an email interview with The Hacker News, Secureworks Chief Threat Intelligence Officer Barry Hensley said that fewer than 10 organizations across the company's customer base had been affected by the ransomware attack.
According to Acronis chief information security officer Kevin Reed, the gang targets MSPs because their "large attack surfaces" give attackers more opportunity to launch a well-planned attack.
Reed added that hundreds of firms can depend on a single MSP. The Kaseya incident showed the consequence: by compromising at least one MSP, the REvil gang gained full access to more than 100 organizations.
This article is owned by Tech Times
Written by Joseph Henry