REvil’s massive Ransomware Attacke infographic
Grafik zeigt wie REvil's Lieferkette Cyberattacke funktioniert.
GN41562DE

KRIMINALITÄT

Russische Hacker verlangen $70 Millionen in “Lieferkette” Cyberangriff

By Ninian Carter

July 6, 2021 - Cybersecrity Teams versuchen die Auswirkungen der größten bekannten globalen Ransomware Attacke zu verhindern – eine "Lieferkette" Attacke, die tausende Anwender der VSA Software infiziert hat.

Russia's notorious REvil gang, famed for extorting $11 million from meat-processor JBS, has infected thousands of computers in at least 17 countries with malware which encrypts all their data, rendering files inaccessible.

The hackers are demanding a ransom of $70 million in cryptocurrency, in return for giving users access to decryption software that will allegedly return their files to normal.

The hack took place on June 2, with details now emerging of how it was undertaken.

The cyberattack was very sophisticated, sending malicious code disguised as a legitimate software update for Kaseya VSA – software used by big corporations, or service providers for small businesses, to manage servers, software, services and even hardware.

Once installed, the malware was able to spread like a disease and encrypt the contents of hard drives and servers, rendering them useless.

Security software company Sophos says more than 70 managed service providers are impacted. REvil claims on its dark web "Happy Blog" that more than one million systems are infected.

The FBI advises those affected not to pay up. There is no guarantee an encryption key will unlock files, or even if REvil will supply one. Historically, 92% of firms that pay a ransom are unable to recover all their data.

Sources
PUBLISHED: 07/07/2021; STORY: Graphic News
Advertisement