The Center for Cybersecurity (CCB) warns of a large-scale international cyberattack with ransomware. At least 200 companies worldwide have been affected by this attack, which is attributed to the Russian hacker group REvil.
–
In concrete terms, this concerns an attack on software that is used by all kinds of organizations worldwide for IT management, explains CCB spokesman Andries Bomans. Because the software contains vulnerabilities that hackers can exploit, all those organizations are now at risk of being hacked. The CCB has already asked all Belgian organizations that work with the software program Kaseya VSA to switch off that system immediately. It is difficult to predict how long such a cyberattack will last, says Bomans, but usually the supplier comes up with an update of the system fairly quickly.
–
Already 200 companies affected
The attack began in the night from Friday to Saturday and has already hit at least 200 companies in 17 countries worldwide, including the United Kingdom, the United States, Sweden, South Africa, Canada, Spain, Mexico and Argentina. Cybersecurity company Huntress Labs even spoke of more than 1,000 affected companies on Saturday evening. Those companies are all customers of eight IT service providers that were the target of the ransomware attack. According to the CCB, it is a variant of the REvil ransomware. REvil is a Russian-linked hacker group that managed to install the malware through a fake update of Kaseya.
–
One of the biggest victims of the new cyber attack is the Swedish supermarket chain Coop. It has had to temporarily close 500 of its 800 stores in the country, because the cyber attack paralyzed the cash registers. Coop has a market share of 20 percent in the Swedish supermarket sector and an annual turnover of approximately 1.5 billion euros.
–
Belgian victim
It is not entirely clear whether Belgian companies have already been affected. The Antwerp ICT service provider ITxx sent a press release on Saturday in which it claims to have been hit by a ransomware attack, which allowed hackers to encrypt all data and emails from the company and 50 customers. These clients are mainly SMEs, active in human resources, temporary employment offices and service voucher companies. For the time being, they do not have access to their IT data or its backups.
–
ITxx is working with the Computer Crime Unit of the Federal Judicial Police and with ransomware specialists from the cybersecurity company Secutec on a solution “to enable a safe reboot”, according to a press release. The ICT service provider has already filed a report with the Data Protection Authority.
–
Ransom demanded
In a ransomware attack, the hackers usually demand a ransom. According to American media, the amounts demanded range from $45,000 to $5 million, with the threat that the amounts would double if payment is not made within the week. According to security company Emsisoft, at least $18 billion was paid to such hackers last year.
–
A ransom is also being demanded from the Antwerp IT company. Steven Holvoet of ITxx refuses to say how much money the hackers want. “But they demand a very high ransom, a hundred times what is usually demanded.” Holvoet does not want to say whether the company will pay. He expects the problems to continue for at least a few more days.
It is not certain whether ITxx is a victim of the large-scale ransomware attack via the IT management software of supplier Kaseya VSA. According to Holvoet, the Antwerp company does not use that software.
–
What is REvil?
REvil is one of the most notorious hacker groups, believed to be operating out of Russia. They are known for frequent distribution of ransomware.
–
With this ransomware, company data is encrypted, so that the company can no longer access the data. Only if the company pays a ransom will the data be released. But the REvil hackers go one step further. “REvil threatens not only to leak data, but also to auction it,” security researcher Brett Calloway of the security company Emsisoft recently told De Tijd. In this way, the hackers prove that they do have the data, and extra pressure is put on the ‘victim’.
–
The American meat company JBS recently paid 11 million dollars (9 million euros) to REvil. The American arms manufacturer Sol Oriens also fell victim to REvil. As proof, REvil published, among other things, a salary overview of Sol Oriens employees.
–
REvil is no stranger to our country either. At the beginning of 2020, both the Belgian branch of the German truck manufacturer MAN and the Ypres weaving machine manufacturer Picanol were caught in REvil’s nets.
–
REvil claims it made $100 million in profit from its cyber attacks last year.