Over the Fourth of July holiday weekend, cybercriminals with Russian affiliations shocked the world by announcing that they had targeted more than a million organizational systems in a ransomware spree.
From the time the news of the cyber event broke, experts scrambled to unpack the perceived nature and extent of the attack after more than a thousand organizations discovered that their data had been encrypted by threat actors.
The attackers targeted a number of IT firms and compromised the data belonging to corporate clients by hitting Kaseya, a notable software vendor.
Kaseya VSA, a software product widely used by Managed Service Providers (MSPs) across the U.S. and the United Kingdom, is employed by firms looking to effectively manage client systems.
According to a tweet that was published by ethical hacker Mark Loman, the massive cyber event was a REvil supply chain attack outbreak that was traced back to a malicious Kaseya update.
Hackers Demand $70 Million
The REvil ransomware group announced their demands through a post published on a dark web platform affiliated with the cybercriminals. The ransomware operators said that they would offer victims of the cyberattack a universal decryption tool in exchange for a bulk payment of $70 million.
The ransomware group is reported to be the same group of cybercriminals that was responsible for a cyberattack on the U.S. subsidiary of the world’s largest meat processor, JBS. In the June event, the victim ended up parting with a ransom payment of $11 million.
The JBS case was among the most notable cyber events in U.S. history, considering that the ransomware attack stalled critical operations across several of the organization’s meatpacking establishments – the firm’s North American headquarters in Greeley was also hit.
Experts Analyze REvil’s Strategy
Cybersecurity researchers believe that the holiday weekend’s cyberattack was not carried out by accident, and that the timing of the events has been found to follow REvil’s operational strategy. Looking back at the JBS attack, the organization became aware that it had been hit by a ransomware attack over Memorial Day weekend, at a time when most of the organization’s workers had taken time off.
Media reports have also cited the prior knowledge of Dutch cybersecurity experts concerning a longstanding Kaseya vulnerability well before the latest cyber event.
According to Victor Gevers from the Dutch Institute for Vulnerability Exposure, a software patch had already been made, although distribution was forthcoming. Various questions still linger about how the REvil attackers became aware of the exploit before the release of the software patch.
An article by BleepingComputer reports that the ransomware group has made a base ransom demand of $5 million for MSPs and $45,000 for individual firms. Brett Callow, a seasoned threat analyst at cybersecurity company Emsisoft, voiced his expectation that organizations will be scrambling to negotiate with REvil to the point of causing delays in the entire process.
Further, a cybersecurity researcher with Recorded Future stated that REvil’s demand for a joint ransom payment may be an indication that the ransomware group wants to quickly conclude their attack.
The statement by Allan Liska from Recorded Future was followed by the expert’s analysis of the thought process behind REvil’s decision that seemingly seeks a fast ending – the ransomware group may have realized that their actions have caused a much bigger problem than they initially envisioned.
The Federal Bureau of Investigation has asserted its commitment to investigating the cyber event, and has sent out a public notice urging victims to assist law enforcement agencies in countering the threat by providing relevant information about their individual experiences.