Friday, March 29, 2024
HomeWorld NewsLarge-scale ransomware attack may hit 1,000 companies

Large-scale ransomware attack may hit 1,000 companies

  • A sophisticated ransomware attack occurred in the United States, which targeted approximately 1,000 American companies and sparked suspicion of the involvement of Russian gangs.
  • President Joe Biden stated that he has instructed US intelligence agencies to investigate the behind-the-scenes man behind the attack.
  • Security company Huntress Labs stated that it believes that the REvil ransomware group associated with Russia is responsible for the latest ransomware outbreak.

Researchers said on Saturday that a ransomware attack against a US IT company could target 1,000 companies. One of Sweden’s largest supermarket chains revealed that it had to temporarily close about 800 stores after being unable to access the checkout channel.

A series of ransomware attacks have been blamed on Russian hackers, and US President Joe Biden recently raised this threat during a meeting with Russian President Vladimir Putin.

Biden ordered a full investigation on Saturday, adding that “the original idea was not the Russian government, but we are not sure yet.”

He said: “I will know better tomorrow. If this is Russian knowledge and/or Russian consequences, then I tell Putin we will respond.”

The targeted IT company Kaseya said on Friday night that it had restricted the attack to “a small number of our customers” using its signed VSA software-“currently estimated to be less than 40 worldwide.”

But the network security company Huntress Labs stated on the Reddit forum that it is working with partners of the target and that the software has been manipulated “to encrypt more than 1,000 companies.”

Read | According to reports, one of the largest insurance companies in the United States paid hackers a ransom of R558 million after the cyber attack

Ransomware attacks usually involve the use of encryption technology to lock data in the system, allowing the company to pay to regain access.

Brett Callow, an analyst at the cyber security company Emsisoft, said that it is unclear how many companies were affected and said the scale of the attack may be “unprecedented in history.”

Kaseya describes itself as a leading provider of IT and security management services for small and medium enterprises. VSA is designed to allow companies to manage computer and printer networks from a single point.

“One of our subcontractors was under a digital attack, which is why our cash register is no longer working,” Coop Sweden, which accounts for about 20% of the country’s supermarket sector, said in a statement.

The cooperative added: “We regret this situation and will do our best to reopen as quickly as possible.”

Coop Sweden did not disclose the name of the subcontractor, nor did it disclose the hacking methods used against it.

However, the Swedish subsidiary of Visma Software Group stated that the issue was related to the Kaseya attack.

Shut down immediately

Kaseya was aware of a possible VSA incident on the east coast of the United States at noon on Friday and “immediately shut down” its servers as a “precautionary measure,” it said.

The company said in a statement:

We notify our local customers to shut down their VSA server to prevent them from being compromised by email, in-product instructions and phone calls. We believe that we have identified the source of the vulnerability and are preparing a patch to mitigate it.

According to the New Zealand Government’s Computer Emergency Response Team, the attacker came from a hacker group called REvil.

According to the FBI, REvil was also behind the attack on JBS, one of the world’s largest meat processors, last month. In the end, the Brazilian-based company paid the hackers $11 million in Bitcoin.

‘Avoid payment’

The United Nations Security Council held its first formal public meeting on cyber security this week to address the growing threat of hackers to critical infrastructure in various countries.

Several Council members acknowledged the serious dangers posed by cybercrime, especially ransomware attacks on major facilities and companies.

Several US companies, including the computer group SolarWinds and Colonial Oil Pipeline, have also recently been targeted by ransomware attacks.

The FBI blamed these attacks on hackers in Russia.

But usually, “cyber criminals operate one by one,” said Gerome Billois, a cyber security expert at Wavestone Consulting.

He added:

In this case, they attacked a company that provided software for managing data systems, which allowed them to target dozens, possibly even hundreds, of companies at the same time.

Billois said it was difficult to determine exactly how many because the affected companies also lost their communication systems.

Kaseya, who had urged its customers to shut down the servers running its VSA platform, could not know whether the system was shut down “voluntarily or compulsorily.”

“This is one of the largest and most common ransomware attacks I have seen in my career,” said Alfred Saikali of the law firm Shook, Hardy & Bacon.

“I have never seen so many companies hiring us for the same event on the same day. As a general rule, you must avoid paying the ransom at all costs.”


Did you know you can comment on this article? Subscribe to news 24 And add your voice to the conversation.



Source link

RELATED ARTICLES

Most Popular

Recent Comments