Graphic shows how REvil's supply chain cyberattack works.

Russia hackers demand $70 million in “Supply Chain” cyberattack

By Ninian Carter

July 6, 2021 - Cybersecurity teams are working to stem the impact of the biggest global ransomware attack on record — a “supply chain” attack infecting thousands of users of Kaseya’s VSA software.

Russia's notorious REvil gang, famed for extorting $11 million from meat-processor JBS, has infected thousands of computers in at least 17 countries with malware which encrypts all their data, rendering files inaccessible.

The hackers are demanding a ransom of $70 million in cryptocurrency, in return for giving users access to decryption software that will allegedly return their files to normal.

The hack took place on June 2, with details now emerging of how it was undertaken.

The cyberattack was very sophisticated, sending malicious code disguised as a legitimate software update for Kaseya VSA – software used by big corporations, or service providers for small businesses, to manage servers, software, services and even hardware.

Once installed, the malware was able to spread like a disease and encrypt the contents of hard drives and servers, rendering them useless.

Security software company Sophos says more than 70 managed service providers are impacted. REvil claims on its dark web "Happy Blog" that more than one million systems are infected.

The FBI advises those affected not to pay up. There is no guarantee that an encryption key will unlock files, or even that REvil will supply one. Historically, 92% of firms that pay a ransom are unable to recover all their data.

Sources
PUBLISHED: 07/07/2021; STORY: Graphic News