Global cybercrime damage in 2021 amounts to $16.4 billion a day. A major increase in ransomware-related cyberattacks at scale has jeopardised many supply chains and critical infrastructures and exposed the potential for massive disruption.
In the latest of these dramatic attacks, the ransomware incident at the Miami-based IT firm Kaseya took place ahead of the Fourth of July holiday weekend and hit hundreds of businesses on five major continents.
The attack drew top-level US government attention, including from the federal Cybersecurity and Infrastructure Security Agency and the FBI, while the REvil gang allegedly demanded $70m in Bitcoin to restore the data.
A Russian-speaking ransomware syndicate, REvil is the same group blamed by the FBI for paralysing meatpacker JBS. They have been active since April 2019, developing the network-paralysing software and later leasing it to infect targets and earn the ransoms.
Kaseya’s Virtual System Administrator (VSA) software platform is used by other tech companies to monitor and manage customers’ IT networks. The attack therefore combined two devastating tactics: a supply chain attack and ransomware.
According to cybersecurity firm Huntress, the attack was triggered by an authentication bypass vulnerability, which let the attackers use an authenticated session, upload a malicious payload and execute commands via SQL injection.
The malware has affected various sectors, including grocery stores, schools, a national railway system, and hundreds of other businesses. Meanwhile, Kaseya is keeping its software-as-a-service (SaaS) servers offline while it works to restore them as soon as possible. They have released patch 9.5.7.3011, which remediates functionality issues caused by the enhanced security measures put in place and provides bug fixes.
However, in a recent turn of events, the gang has gone offline and has been unreachable since Tuesday, 13th July. The mysterious disappearance has caused panic and sparked speculation.
What Can You Do?
Cyberattacks are inevitable and are happening at scale. However, they do not end if and when you pay the ransom. The attacker might retain access to your data and return with more ransom demands in the future. Laying stronger foundations and implementing techniques to tackle the attacks is the need of the hour. Before you find yourself in such a soup, take some bold steps towards the security of your business.
It’s time to bolster defense capabilities to secure your networks and build partnerships aimed at securing the future of critical infrastructure. These recent attacks are the best learning grounds and can help build resilience to effectively reduce the risk.
You can explore more and improve your cybersecurity defense at our Nordic Virtual Cyber Security Summit as it unites senior IT security leaders from across a variety of industries. We will be discussing Ransomware in Focus: How AI Surgically Contains the Threat with some real-world examples of ransomware detected by Cyber AI and how self-learning AI responds proportionately to ransomware. Our 2-day (28th & 29th September 2021) virtual event is your opportunity to network and ask burning questions to information security leaders from the likes of BankID, Handelsbanken, Danske Bank, Ørsted, and others.
View the detailed Agenda and secure your spot for FREE* with our discount code: SECURITY-VIP
*Offer is for cyber security practitioners working within end-user companies only. Individuals who work for vendor companies or consultancies do not qualify for a free pass, but are welcome to purchase a ticket online.

