It is already being called the greatest ransomware attack in history. Let’s hope that is an excess of pessimism. Starting from the infection of Kaseya, a company that provides network monitoring systems, it is spreading to hundreds of its customers, potentially putting at risk, perhaps, millions of PCs according to first estimates.
Its software, VSA, was hit by the cybercrime group REvil, already known for targeted attacks on major companies (such as Apple suppliers).
Kaseya reported that around 40 of its customers (IT providers/suppliers) have been affected by the ransomware and recommends that you shut down your systems. Anyone using them now is at risk.
“If each Kaseya client provider has 500 customers (companies) and each company has five servers and 100 PCs monitored with VSA, it means that REvil, hitting a single target, has about 100,000 servers and 2 million PCs infected with ransomware at its disposal,” says cybersecurity professional Marco Govoni, explaining the ripple effect that makes this attack so dangerous on a global scale.
The mind already goes back to WannaCry, which spread unchecked like a pandemic, even bringing hospitals to their knees. Had it happened during COVID, it would have been a disaster. Let’s hope that is not the fate of this ransomware, while the world is still not free from the specter of the coronavirus.
The ransomware attack on Kaseya
The attack has spread to at least 200 organizations, according to cybersecurity firm Huntress Labs, which already makes it one of the largest criminal ransomware attacks in history.
The attack was first revealed on Friday afternoon – not surprisingly during the American holiday period of July 4th, when fewer corporate IT experts are on hand to stem the problem.
Since these Kaseya customers manage hundreds or thousands of businesses, it’s unclear how many will fall victim to the ransomware over the weekend. The number is certain to rise.
The consequences
Among the first consequences, one of the largest Swedish food chains, Coop, temporarily closed almost all of its nearly 800 stores because it was caught up in the attack.
The software used to encrypt victims’ computers looks similar to the type normally used by REvil, a ransomware gang largely made up of Russian speakers.
Eric Goldstein, CISA’s assistant executive director for cybersecurity, said his agency and the FBI have begun evaluating the scenario.
“CISA is closely monitoring this situation and we are working with the FBI to gather information on its impact,” Goldstein said in an e-mailed statement.
“We encourage all those who may be affected to employ recommended mitigations and users to follow Kaseya’s lead,” he said.
Why the attack on Kaseya is a very dangerous ransomware attack
“The scope of an attack like the one suffered by Kaseya can be enormous because it assumes the behavior of a “worm”, just like WannaCry a few years ago,” explains the well-known forensic consultant Paolo dal Checco to Cybersecurity360.it. “The infection spreads automatically, in a capillary fashion, reaching service retailers and, through them, end users, without the need for human intervention either by attackers or victims.”
You can only “unplug the line”
“The solution, therefore, at least in the early stages, cannot be anything other than isolating the system or, once the attack vector/channel is understood and countermeasures are in place, updating systems to avoid updates containing malware. The situation is also worsening: the rapidity and extent of infections, combined with the period of the 4th July weekend chosen for the attack, is creating blockages in the assistance centers and in the providers that are unable to handle the requests of the victims of the ransomware,” says Dal Checco.
One last, albeit obvious, consideration: ransomware attacks are a rapidly growing danger, capable of destabilizing a country’s economic and social infrastructure. The United States is strengthening its strategy after the recent SolarWinds cases.
Italy has woken up on this front (see below). Let’s hope it’s not too late to avoid major casualties.
Here is the National Cybersecurity Agency: how Italy’s cyber security is changing