FBI And The Department Of Homeland Security's Cyber Arm Reaching Out To Ransomware Victims
The ransomware attack is believed to have been carried out by a Russian-linked criminal gang. Businesses in the financial services, travel, and leisure sectors have been hit on almost every continent.
Last week, a cyber attack on American IT firm Kaseya was revealed to be the largest global ransomware attack ever. The unusually sophisticated cyberattack hit hundreds of businesses in the United States on Friday.
More information about how a Russia-linked gang broke into the company whose software was used as a conduit is now available.
VSA, which is used by companies that manage technology at smaller businesses, was the software targeted by the attackers.
The cybersecurity teams are still working to mitigate the attack's effects.
According to cybersecurity researchers, ransomware infected thousands of victims in at least 17 countries on Friday, primarily through companies that remotely manage IT infrastructure for multiple customers.
A $5 million ransom has been demanded. Some cybersecurity experts, however, believe the smallest amount demanded was $45,000.
The attackers are thought to be members of the notorious REvil gang, which is best known for extorting $11 million from meat processor JBS following a Memorial Day attack.
The attack is being investigated by the Federal Bureau of Investigation (FBI). President Joe Biden had “directed the full resources of the government to investigate this incident,” according to US Deputy National Security Advisor Anne Neuberger, who also urged anyone who believes they have been compromised to contact the FBI.
The attack comes less than a month after Biden pressed Russian President Vladimir Putin to stop providing safe haven to REvil and other ransomware gangs, which the US considers a national security threat because of their unrelenting extortionary attacks.
Financial services, travel, and leisure are among the businesses and services targeted by the attack, which occurred on almost every continent.
Experts believe it was no coincidence that REvil attacked at the start of the Fourth of July holiday weekend, knowing that US offices would be understaffed. Many victims may not learn about it until Monday when they return to work.
Coop, a Swedish supermarket chain, closed most of its 800 stores for the second day on Sunday due to a cash register software outage.
In Germany, several thousand customers of an unnamed IT services company were compromised, according to authorities.
VelzArt and Hoppenbrouwer Techniek, two large Dutch IT services companies, were also reported as victims.
The number of victims is estimated to be in the low thousands, according to Kaseya CEO Fred Voccola. On Saturday night, the company said it sent a detection tool to nearly 900 customers.
Criminals who use ransomware infiltrate networks and install malware that, when activated, cripples those networks by scrambling all of their data. When victims pay up, they are given a decoder key.