Global Ransomware Attack: Russia-Linked Hackers Demanded $70 Million
The single biggest global ransomware attack on record continues to wreak havoc, as new details emerged Monday about how Russia-linked hackers breached security.
Thousands of victims in at least 17 countries were targeted by an affiliate of the notorious REvil gang. Victims were infected largely through firms that remotely manage IT infrastructure for multiple customers, cybersecurity researchers said.
REvil was demanding payments of up to $5 million. This changed late Sunday, when REvil posted on its dark web site an offer of a universal decryptor software key that would unscramble all affected machines, in exchange for $70 million in cryptocurrency.
A wide range of businesses and agencies were affected, including those in financial services, travel and leisure and the public sector, reported cybersecurity firm Sophos. Cybersecurity firm ESET identified victims in countries including the United Kingdom, South Africa, Canada, Argentina, Mexico, Indonesia, New Zealand and Kenya.
Sweden’s defense minister, Peter Hultqvist, said in a television interview Monday that this was “a serious attack on basic functions in Swedish society.” Grocery, pharmacy and gas chains closed all weekend because their cash register software supplier was crippled.
“It shows how fragile the system is when it comes to IT security and that you must constantly work to develop your ability to defend yourself,” Hultqvist said.
Ransomware criminals infiltrate networks and sow malware that cripples them by scrambling all their data. Victims get a decoder key when they pay the ransom.
On Sunday, the FBI said in a statement that the scale of the attack "may make it so that we are unable to respond to each victim individually."
Deputy National Security Advisor Anne Neuberger later issued a statement that said President Joe Biden had "directed the full resources of the government to investigate this incident" and urged all who believed they were compromised to alert the FBI.
The breached company was Kaseya Limited, a Miami-based business that develops software for managing networks, systems, and information technology infrastructure.
CEO Fred Voccola told CBS News that the level of sophistication in the attack was "extraordinary."
© Copyright IBTimes 2024. All rights reserved.