
‘Largest ransomware attack’ may strain US-Russia ties

Miami-based information technology firm Kaseya was the target of “the largest ever ransomware attack” last weekend, when hackers exploited a bug in the firm’s IT management software in order to steal a large amount of data on a number of clients using the Kaseya software. On 4 July, they demanded, through the dark web, $70 million in cryptocurrency in exchange for the return of the stolen data.
Kaseya sells its software to thousands of IT and Managed Service Providers (MSPs), who, in turn, serve a number of clients. Taking advantage of the company being lightly staffed due to Fourth of July celebrations in the United States, the hackers bypassed the company’s security, exploiting a zero-day vulnerability. The extent of the damage is yet to be known, but the estimated number of businesses affected ranges from 1,000 to 2,000, spanning at least 17 countries. A Swedish grocery chain, a New Zealand school, a German IT company and two Dutch companies are a few of the known victims. However, in a large number of similar cases, the victims do not generally publicly divulge that they were the target of such an attack, or whether they have paid the ransom.
The group of hackers has been dubbed REvil or Sodinokibi by experts and is believed to be Russia-based. REvil, derived from “Ransomware” and “Evil”, has previously been linked to a number of such instances. In June, they were believed to be behind the attack on JBS, the largest meat supplier in the world, which led to some of the JBS operations in North America and Australia being shut down. The hackers extorted $11 million from JBS, which managed to resume services afterwards. The group had also hacked Taiwanese computer giant Acer in March, demanding $50 million in ransom. As of Tuesday 6 July, following contact by Jack Cable, a security architect at cybersecurity consulting firm Krebs Stamos Group, the group has reduced its ransom demand from Kaseya to $50 million. When Cable reached out to REvil in order to discuss paying the ransom, they reportedly decreased their initial demands by $20 million. This led Cable to believe that REvil is purely financially motivated and has no political interests.
While there is no link between REvil and the Russian government, senior US and Russian officials will meet next week to discuss the attack.

Chirayu Prahlad
