REvil Ransomware Attack Explained -- What We Know

Ransomware
Hailey Carlson
July 9, 2021

On July 2nd, a Russian hacking group that calls itself REvil launched a large-scale ransomware attack when it struck Miami-based software company Kaseya Ltd. REvil is a well-known cybercrime gang, but this attack appears to be its largest yet.

Kaseya's product, the virtual systems/server administrator (VSA), is remote-management software used to push updates and notifications out to the many systems on a customer's network; software of this kind is standard at IT and managed-service companies. VSA is what REvil targeted in last week's attack. Because the software already has the reach to touch every managed computer and server on a network, the attackers turned it into a distribution point and used it to disburse ransomware across those systems. Exploiting a trusted vendor's software to infect the web of devices downstream of it is known as a supply chain attack, because the malware travels along the same vendor-to-customer path that legitimate updates do.

Roughly 50 of Kaseya's direct customers were compromised in this attack, the majority of them sellers of information-technology services themselves. That means that, unless those companies had strong cyber defenses throughout their own systems, their customers were likely infected as well. Kaseya, the company first attacked, has since said that it believes fewer than 1,500 businesses were hit. The impact is greater than that figure implies, because most of those businesses were small to medium sized -- some of the most heavily targeted companies when it comes to cybersecurity -- and in this instance an attack that may have hurt them severely came from the security flaws of an external company. One affected business was a Swedish supermarket chain that, because of the attack, was forced to close some outlets over the weekend.

The ransomware group claimed to have infected 40,000 computers in this attack, and later claimed that the number of infected computers had grown to over a million. The group demanded $70M to decrypt the data of every company affected by the attack on Kaseya.

This is just one example of why protecting your data matters even when you outsource to an external company -- or possibly especially when you do. Kaseya, as a technology company in particular, should have had stronger protections, but its customers share the responsibility to do the same. A Kaseya customer with its own defenses against cyber attacks in place would not have had to depend on Kaseya staying uninfected, because its own protections would have held. Cut ransomware and other cyber attacks off at their source by implementing strong security defenses and practices.

Image from Bank Info Security.