Kaseya ransomware attack affecting 17 countries is the largest in history

Miami, Florida - Cybersecurity analysts all over are scrambling to develop patches for software administered by Kaseya after it was compromised in a ransomware attack by an REvil affiliate.

Because the hackers gained entry to a software company, they then had access to entire chains of customers from all over the world (stock image).  © 123RF/nexusplexus

Not long after Joe Biden spoke to Russian President Vladimir Putin about curbing the prevalence of Russia-based cyberattacks, the largest hit on record has rocked industries in countries all over the globe.

As reported by The Associated Press, global software company Kaseya was attacked over the Fourth of July holiday weekend by an affiliate of Russia-based hacking group REvil, likely because the hackers expected offices to be understaffed.

Ransomware encrypts (essentially scrambles) all the data in a system, and that data only becomes usable again with the right decryption key, which the attacker sells at a hefty price.

Kaseya CEO Fred Voccola said that the attack was not the result of phishing and that, of the company's more than 37,000 customers, only a few dozen were hacked. Most of those wouldn't even know they had been using Kaseya software to begin with, he added.

Among the victims of the attack are entire grocery store chains and dozens of businesses with their own customers around the world.

The attackers bit off more than they could chew

More than 800 stores are closed in the Swedish grocery chain COOP as the Kaseya cyberattack took down all of their registers.  © IMAGO / TT

However, those customers in turn managed more customers, and the volume of attacked accounts actually seems to have been far more than the REvil affiliate could handle.

Allan Liska, an analyst for cybersecurity company Recorded Future, told AP that the attackers seem to have been overwhelmed, offering smaller ransom fees when they realized that many of their victims were small businesses, and even a one-off $70 million ransom for the decryption key for all those involved.

"This attack is a lot bigger than they expected and it is getting a lot of attention. It is in REvil’s interest to end it quickly," Liska said. "This is a nightmare to manage."

It may not actually be REvil calling the shots in this case. The group merely creates ransomware for "affiliates" who then use it on specific targets and demand the ransoms.

During a press conference on Saturday, President Biden said he did not think the Russian government was responsible, but that investigations were ongoing.
