Coop supermarket stores in Sweden have been hit by the attack. Ali Lorestani/TT

Hackers demand $70m (€58.9m) after US IT company ransomware attack

More than 1,000 companies have been affected in the US-based Kaseya attack.

HACKERS ARE DEMANDING $70 million (€58.9m) in bitcoin in exchange for data stolen during a “gargantuan” attack on a US IT company that shut hundreds of Swedish supermarkets.

Researchers believe more than 1,000 companies could have been affected by the attack on Miami-based firm Kaseya, which provides IT services to some 40,000 businesses around the world.

The FBI warned yesterday that the scale of the “ransomware” attack, a form of digital hostage-taking where hackers encrypt victims’ data and then demand money for restored access, is so large that it may be “unable to respond to each victim individually”.

“It’s probably the biggest ransomware attack of all time,” said Ciaran Martin, cybersecurity professor at the University of Oxford.

“Because of the nature of the attack there’s still a lot of uncertainty over its impact,” he stressed.

But he added that because this was a “supply chain attack”, targeting a company serving thousands of firms, many of whom in turn provide IT support to smaller businesses such as car dealerships, the total number of victims was potentially huge.

Sweden’s Coop supermarket chain was among the indirect victims, with its cash registers paralysed since Friday when its IT subcontractor Visma Esscom was hit by the attack.

Most of Coop’s 800 stores were still closed today, spokesperson Kevin Bell told AFP, with the few hundred that have reopened relying on alternative payment solutions such as customers paying using their smartphones.

Cybersecurity firm ESET said it had identified victims of the hack in at least 17 countries, from South Africa to Britain to Mexico. New Zealand’s education ministry said at least two schools there had been affected.

REvil hackers suspected

Experts believe the attack was probably carried out by REvil, a Russian-speaking hacking group known as a prolific perpetrator of ransomware attacks.

A post on Happy Blog, a site on the dark web previously associated with the group, claimed responsibility for the attack and said it had infected “more than a million systems”, which if true would make this attack “absolutely gargantuan in scale”, according to Martin.

The FBI believes that REvil, which also goes by the name Sodinokibi, was behind a ransomware attack last month on global meat-processing giant JBS. The Brazil-based company ended up paying $11 million in bitcoin to the hackers.

The hackers’ blog post said they would release a decryption tool online “so everyone will be able to recover from attack in less than an hour” — if they were handed $70 million in bitcoin.

The hackers have also been reaching out to individual victims and demanding smaller ransoms, Martin added.

“As far as I understand it, they’ve been issuing demands that are about $50,000 for smaller organisations, rising to $5 million for larger organisations,” he told AFP. “We don’t know who’s paid.”

Kaseya said on Sunday it believed the damage had been restricted to a “very small number” of customers using its signature VSA software, which lets companies manage networks of computers and printers from a single point.

But cybersecurity firm Huntress Labs said in a Reddit forum that it was working with partners targeted in the attack, and that the software was manipulated “to encrypt more than 1,000 companies”.

Kaseya said it had “immediately shut down” its servers after detecting the attack on Friday and warned its VSA customers to do the same, “to prevent them from being compromised”.

The company has released a tool allowing its customers to find out whether their own computer systems have been compromised by the attack.

‘State-tolerated’ hacking 

In recent months numerous US companies, including the computer group SolarWinds and the Colonial oil pipeline, have been the victims of high-profile ransomware attacks, which the FBI blames on hackers based in Russia.

The HSE in Ireland was also a victim of a similar attack, with suspicions centred on Russian hackers.

While Washington officials do not accuse the Russian government of direct involvement in such attacks, they say the country is harbouring hackers who should be arrested.

US President Joe Biden raised the threat in talks with Russian counterpart Vladimir Putin last month, and on Saturday ordered a full investigation into the Kaseya attack.

“Most experts would take the view that it’s highly unlikely that it’s state-directed,” Martin said of this latest cyber-assault. “It’s state-tolerated.”

© AFP 2021

Additional reporting Niall O’Connor.

25 Comments
    dublindamo, Jul 5th 2021, 10:29 PM

    Without Crypto currencies these hackers can’t extort money. I can see the regulations tightening for all cryptos in the future

    89
    Mickety Dee, Jul 6th 2021, 7:06 AM

    @dublindamo: The beauty of crypto is that it is outside the control of any Central authority

    9
    Philip King ⚡️, Jul 6th 2021, 7:36 AM

    @Mickety Dee: you mean Bitcoin. All other crypto currencies have a central control point.

    10
    Colin, Jul 6th 2021, 8:47 AM

    @Philip King ⚡️: that’s not true, Monero, Litecoin, Ethereum, all decentralised. There’s a bunch of them.

    5
    Philip King ⚡️, Jul 6th 2021, 10:46 AM

    @Colin: all great until they get rugged.

    2
    Fiona Fitzgerald, Jul 6th 2021, 6:21 PM

    @Colin: This bunch aren’t bringing those into disrepute though. It’s Bitcoin they want.

    1
    Tony Gordon, Jul 5th 2021, 10:13 PM

    Ban cyber currency?

    64
    Daithi De Roiste, Jul 5th 2021, 10:51 PM

    @Tony Gordon: cyber currency, ffs you don’t even know what it’s called

    33
    Tony Gordon, Jul 5th 2021, 10:54 PM

    @Daithi De Roiste: crypto is a cyber currency. Dope.

    63
    The Divils Avocado, Jul 5th 2021, 10:57 PM

    @Daithi De Roiste: is that relevant? Do you not know what he means by cyber currency? Why be nasty?

    64
    Brian Lyons, Jul 5th 2021, 11:14 PM

    @Daithi De Roiste: it’s called? FFS You don’t even know there’s more than one.

    34
    Ally Mc Culladgh, Jul 6th 2021, 12:17 AM

    @Daithi De Roiste: Are you the type of person that likes to make fun of people who don’t know the in and outs of something? To show us uneducated people that you know it all?

    26
    Mickety Dee, Jul 6th 2021, 7:03 AM

    @Ally Mc Culladgh: I think his point is that the poster is calling for something to be banned that they don’t even understand.

    9
    Paul Furey, Jul 5th 2021, 10:04 PM

    If a US IT can fall to a cyber attack, what chance had the HSE against a concentrated attack?

    55
    Big bad bull, Jul 5th 2021, 10:27 PM

    ‘Tis time to plug out the internet

    32
    Will, Jul 6th 2021, 8:40 AM

    @Big bad bull: And then plug it back in again!

    10
    Liam Mc Meel, Jul 5th 2021, 9:47 PM

    Not bad for a day’s work

    24
    James Gorman, Jul 5th 2021, 10:09 PM

    Putin’s proxy war

    36
    pkunzip doom2.zip, Jul 5th 2021, 11:52 PM

    They should get the HSE negotiator to get them the decryption key!

    21
    Mick Tobin, Jul 5th 2021, 9:55 PM

    Common wisdom used to be that if you’ve got your company’s security up to date, you’ll be fine. But now the bottleneck is the weakest link in your supply chain, which is very worrying. Thankfully the white hat hacker community managed to somewhat mitigate matters over a stressful weekend, but in the end it was the bad guys that won the final sprint.

    21
    T Dawg, Jul 5th 2021, 10:05 PM

    Just get Norton antivirus…… Can’t go wrong!

    15
    David Grey, Jul 6th 2021, 3:37 AM

    I’m in the wrong Job!…..

    5
    keano, Jul 6th 2021, 8:39 AM

    @David Grey: stick with writing music!

    9
    Dave Kelly, Jul 6th 2021, 4:02 AM

    Cyber polygon incoming.

    2