REvil hacking group's massive ransomware attack
July 6, 2021 - Cybersecurity teams are working to contain the impact of the largest global ransomware attack on record - a "supply chain" attack affecting thousands of users of Kaseya's VSA software.
Russia's notorious REvil gang, famed for extorting $11 million from meat-processor JBS, has infected thousands of computers in at least 17 countries with malware which encrypts all their data, rendering files inaccessible.
The hackers are demanding a ransom of $70 million in cryptocurrency, in return for giving users access to decryption software that will allegedly return their files to normal.
The hack took place on June 2, with details now emerging of how it was undertaken.
The cyberattack was very sophisticated, sending malicious code disguised as a legitimate software update for Kaseya VSA – software used by big corporations, or service providers for small businesses, to manage servers, software, services and even hardware.
Once installed, the malware was able to spread like a disease and encrypt the contents of hard drives and servers, rendering them useless.
Security software company Sophos says more than 70 managed service providers are impacted. REvil claims on its dark web "Happy Blog" that more than one million systems are infected.
The FBI advises those affected not to pay up. There is no guarantee an encryption key will unlock files, or even that REvil will supply one. Historically, 92% of firms that pay a ransom are unable to recover all their data.