Government seeks UK victims of Kaseya ransomware attack

    The UK government is seeking British victims of the Kaseya ransomware attack over the weekend – the biggest global ransomware attack on record.  

    The National Cyber Security Centre (NCSC), which is part of government intelligence agency GCHQ, said it’s currently ‘investigating its impact on the UK’.

    It’s not known how many or which British firms are affected by the ransomware attack on Friday, which was carried out by Russian hacking group REvil.

    REvil – which managed to breach the systems of US-based software firm Kaseya – is demanding $70 million (£50.5 million) in cryptocurrency to fix it.  

    The hackers managed to bring down the firms by infiltrating VSA, a piece of Kaseya software that is used to manage much larger IT networks. 

    The National Cyber Security Centre (NCSC) said it is currently investigating the impact of the Kaseya ransomware attack on the UK

    Each victim’s IT systems are scrambled and rendered unusable, but if the ransom is paid, hackers deliver a decryptor key that unscrambles the network.

    MailOnline has contacted NCSC regarding the specific UK firms that are confirmed to have been impacted by the mass extortion attack.

    ‘We are aware of a cyber incident involving Kaseya, and we are investigating its impact on the UK,’ the NCSC said in a statement. 

    ‘Ransomware is a growing, global cyber threat, and all organisations should take immediate steps to limit risk and follow our advice on how to put in place robust defences to protect their networks.’ 

    Ciaran Martin, founder of NCSC, told Radio 4: ‘The scale and sophistication of this global crime is rare, if not unprecedented.

    ‘It is a really serious, global operation.’ 

    Kaseya said just a few dozen of its customers were directly affected by the attack, but knock-on effects have brought down firms in 17 countries.

    According to a spokesperson for London software company Egress, UK customers are ‘believed to have been affected alongside those in the US, Canada, Germany, South Africa and Colombia’. 

    It has impacted 36,000 businesses already, wiping out over 500 Coop grocery stores in Sweden, as well as schools in New Zealand and two major Dutch IT firms.  

    Coop had to close hundreds of stores on Saturday because its cash registers had been knocked offline as a consequence of the attack.

    Meanwhile, Kaspersky said it has observed more than 5,000 attack attempts in 22 countries. The most affected were Italy, followed by the US, Colombia, Germany and Mexico.

    Geography of attempted attacks resulting from the original breach of Kaseya, based on Kaspersky’s telemetry

    REvil is best known for extorting $11 million from the meat-processor JBS back in May this year after a Memorial Day attack. 

    REvil infected Kaseya, a provider of IT management software for managed service providers (MSPs) – companies that remotely manage a customer’s IT infrastructure.

    The gang has an affiliate structure, occasionally making it difficult to determine who speaks on the hackers’ behalf, Reuters reports.

    But Allan Liska of cybersecurity firm Recorded Future said the message ‘almost certainly’ came from REvil’s core leadership. 

    Essentially, REvil used Kaseya’s access to breach not only its clients, but its clients’ clients – in other words, both MSPs and their customers. 

    This set off a chain reaction that paralysed computers of hundreds of firms worldwide. 

    On Sunday, the White House said it was reaching out to victims of the outbreak ‘to provide assistance based upon an assessment of national risk’. 

    US President Joe Biden, who last month warned President Putin to take action against hacking groups targeting the US from Russia, said the FBI is investigating the latest hack and he will take action if Moscow is deemed to be responsible. 

    Analysts said it is no coincidence that the latest attack coincided with the July 4 weekend, when companies would be under-staffed and less able to respond. 

    NO CONTACT FROM WASHINGTON OVER RANSOMWARE ATTACK, SAYS RUSSIA  

    Russia has not had any contact from the US over the sophisticated ransomware attack that hit hundreds of American businesses and led to suspicions of Russian gang involvement, the Interfax news agency cited the Kremlin as saying on Monday.

    Security firm Huntress Labs said on Friday it believed the Russia-linked REvil ransomware gang was to blame for the attack. President Joe Biden has directed US intelligence agencies to investigate.

    ‘I have no information that any data was provided. No, no data was received,’ Interfax cited Kremlin spokesman Dmitry Peskov as saying. He said the Kremlin was not aware of the attack.

    Biden and Russian President Vladimir Putin agreed to begin consultations on cybersecurity issues during a summit in Geneva on June 16, with Biden warning of consequences if ransomware attacks emanating from Russia continued to proliferate.

    Russia has repeatedly denied carrying out or tolerating cyber attacks. 

    Source: Reuters  
