Ransomware attack hits over 200 US companies, forces Swedish grocery chain to close

Saturday, July 3, 2021

On Friday, a ransomware attack that initially targeted software company Kaseya spread to over 200 companies in the US through Kaseya’s network management software. Huntress Labs, a cybersecurity company, believes that the attack was carried out by REvil, a Russia-based ransomware group, but the US government is not certain who is behind it. Kaseya told its customers to stop using its services when it learned of the attack.

According to NBC News, the ransomware first spread to about 40 of Kaseya’s customers, mainly companies that manage Internet services for their own customers; some of them do so for thousands of companies. John Hammond, a security researcher at Huntress Labs, said that “It’s reasonable to think this could potentially be impacting thousands of small businesses”. Kaseya notified its customers of the attack on Friday afternoon and warned them to stop using its services immediately.

The attack is believed to have been carried out by the ransomware group REvil, according to Channel News Asia. Business Insider reported that REvil is a Russia-based organization which provides ransomware as a service. BleepingComputer received a sample of the ransomware used in REvil’s attacks and says that the attackers demand USD five million for the ransomed files to be decrypted, though it is unknown if every victim received a demand for that same amount. Fabian Wosar, CTO at the Emsisoft security firm, said affected customers had received demands for USD 44,999.

Swedish grocery chain Coop was also affected by the attack, and had to close all 800 of its stores because its checkout tills could not process payments due to the ransomware. Therese Knapp, a Coop spokesperson, said: “We have been troubleshooting and restoring all night, but have communicated that we will need to keep the stores closed today”. Swedish company Visma Esscom, which manages servers for businesses, was using Kaseya software, according to Reuters. Railway services in Sweden were also disrupted.

On Saturday, US President Joe Biden directed intelligence agencies to investigate who was behind the attack. He said that “we’re not certain” who is behind the attack, adding “The initial thinking was it was not the Russian government but we’re not sure yet”. The US Cybersecurity and Infrastructure Security Agency stated that it is “taking action to understand and address the recent supply-chain ransomware attack”.
