The notorious REvil gang has claimed responsibility for the widespread supply chain ransomware attack perpetrated over the weekend, demanding $70 million for unlocking computers all around the world.
In one of the most daring attacks, the ransomware gang managed to break into the infrastructure of Managed Service Provider (MSP) Kaseya, and poison an update for their VSA software to deploy ransomware on Kaseya’s business customers.
While the true impact of the attack is yet to be determined, early estimates by cybersecurity vendor ESET seem to suggest the incident has impacted thousands of firms across a dozen different countries.
- These are the best ransomware protection tools
- Protect your devices with these best antivirus software
- Here's our choice of the best malware removal software on the market
“On Friday (02.07.2021) we launched an attack on MSP providers. More than a million systems were infected. If anyone wants to negotiate about universal decryptor – our price is 70 000 000$ in BTC and we will publish publicly [sic] decryptor that decrypts files of all victims, so everyone will be able to recover from attack in less than an hour,” reads the notice posted on REvil blog.
Can’t outsource risk
Coincidentally, around this time last year, the US Secret Service had warned that threat actors were increasingly targeting MSPs, since successfully compromising them could give hackers the keys to the kingdom.
According to security firm Sophos and Kaseya customers who spoke with The Record, the malicious Kaseya update lands on on-premise VSA servers, from where it deploys the ransomware to all connected client systems.
Kaseya is urging all VSA owners to take their systems offline until further notice.
Mark Loman, malware analyst for security firm Sophos, told The Record that companies who have been impacted are seeing ransom notes of between $50,000 and $5 million, depending on the size of the impacted corporate network.
Meanwhile, in an official statement to The Record, Kaseya’s CEO Fred Voccola claims that the attack impacted “only a very small percentage” of their customers, pinning the number of affected customers at “fewer than 40.”
“MSPs are a high-value target. If an MSP manages a company's security, it's once removed from the company itself, which can mean the actual company is less aware of what is happening. And, as an MSP, you have a ton of data from multiple customers,” Ben Carr, CISO at security company Qualys told TechRadar Pro.
“While you can outsource the work, you can't outsource the risk — almost everyone is susceptible to supply chain attacks,” said Carr.
It isn’t immediately clear if Kaseya is entertaining the idea of paying the ransom, which if honored, would become the highest ransomware payment ever made.
- We've put together a list of the best endpoint protection software
