Update (5 July, 2PM): The REvil group recently posted a new message on its blog. The group is now demanding a ransom of US$70 million (~RM290 million) in Bitcoin, per company affected by its ransomware. No further information about its motive was given, but as it stands, US security bodies including the FBI and CISA are advising people not to pay any ransom.
Original article below:
Hundreds of US-based companies found themselves at the mercy of the hacker group, REvil, when it launched something akin to a full-scale attack on said companies last week. According to reports, approximately 200 businesses and their supply chain were hit by ransomware overnight.
The attacks were supposedly first discovered by Kaseya, a Florida-based IT company, and from the looks of it, the primary cybersecurity provider of these companies. Kaseya said that it had experienced a potential attack against its remote monitoring and management tool, VSA. The security firm initially believed that the attack had only affected 40 customers, but after hours of investigating, it was clear that the number was greater than that.
As some of you know, this isn’t the first time the Russian hacker group, REvil has made headlines. Back in March, the group hit the Taiwanese PC brand, Acer, and held its entire cyber infrastructure hostage and demanded a ransom of US$50 (~RM205.6 million). A month later, it came to light that the REvil ransomware had been updated to allow its creators the ability to change Windows passwords and encrypt a system’s files via Safe Mode.
News Flash: cybercriminals are a$$holes.
ADVERTISEMENT
Keep all the Incident Response teams in mind this holiday weekend as they're in the thick of it…again.
If you use Kaseya VSA, shut it down *now* until told to reactivate and initiate IR. Here's the binary: https://t.co/NIuGJZW84p https://t.co/GSXPlOPjFt
— Chris Krebs (@C_C_Krebs) July 2, 2021
It isn’t just the US companies that are affected either, as REvil’s actions also had a rippling effect on other companies globally. One example is located in Sweden; Coop, the grocery brand, was unable to open up 800 of its stores because the attack caused its cash registers to malfunction.
(Source: Bloomberg, The Verge, Yahoo!, Hot Hardware)
