The world's largest ransomware attack is still making waves, which means it's probably a good idea to get a better understanding of exactly what's happening, who's behind it, and what the governments of the world are planning to do about it.
Online security has been a hot topic for a few years now, with instances of ransomware, security breaches, and dozens of other forms of cybersecurity breakdowns becoming part of everyday online life.
Unfortunately, all this awareness isn't making things better, as the largest ransomware attack in the history of the world was propagated last week, and it's going to cost a pretty penny to get all that data back.
On Friday, software provider Kaseya announced that cyber criminals had breached its servers, subsequently gaining access to thousands of businesses through its IT services package. The attack is notable for its scale: it is the largest of its kind in the world.
“The number of victims here is already over a thousand and will likely reach into the tens of thousands,” said Dmitri Alperovitch, a cybersecurity expert from the Silverado Policy Accelerator, to ABC News. “No other ransomware campaign comes even close in terms of impact.”
Since then, the attack has spread like wildfire. According to Kaseya and other cybersecurity experts, the ransomware attack has hit between 800 and 1,500 businesses, with many more likely on the way. Kaseya also stated that the hackers are demanding $70 million in Bitcoin to release the stolen data, which represents one of the largest ransoms demanded in such an attack.
One of the reasons the attack is so widespread is that the hackers targeted firms that run IT services for other businesses. This has created a domino effect of access, allowing the malware to spread quickly and effectively across the world. In fact, the ransomware attack has now spread to 17 different countries.
Who is behind the ransomware attack?
While the origins of the attack were unknown for a majority of the weekend, cybersecurity experts have analyzed the malware in question and found that REvil, the infamous hacker gang likely based in Russia or Eastern Europe, is the culprit.
The group even claimed the attack later in the weekend, stating that it had infected more than a million businesses. This claim has not been verified by any other sources, but the scale of the attack is certainly large enough to turn heads.
“On Friday (02.07.2021) we launched an attack on MSP providers. More than a million systems were infected,” wrote the REvil gang, according to the Record. “If anyone wants to negotiate about universal decryptor–our price is 70,000,000$ in BTC and we will publish publicly decryptor that decrypts files of all victims, so everyone will be able to recover from attack in less than an hour. If you are interested in such deal–contact us using victims ‘readme’ file instructions.”
If the name sounds familiar, it should. REvil most notoriously extorted $11 million from meat-processing firm JBS last month, and experts note that the gang's sophisticated and well-funded attacks pose a serious problem for online security.
What's being done to combat the attack?
There are a lot of reasons why this attack spread so quickly and effectively, not the least of which is that it took place during the 4th of July weekend. Many short-staffed businesses struggled to contain the damage, contributing to the scale of the attack. Despite the holiday weekend, though, the US was quick to act.
“Since Friday, the United States Government has been working across the interagency to assess the Kaseya ransomware incident and assist in the response,” said Anne Neuberger, deputy national security advisor for cyber and emerging technology. “The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have been working with Kaseya and coordinating to conduct outreach to impacted victims.”
As for what is specifically being done, companies are being advised to not pay the ransom. Instead, US officials have suggested that businesses should report to the Internet Crime Complaint Center to better coordinate a solution to the largest ransomware attack in the world.
What does this mean for online security?
Outside of the potentially problematic relations between the US and Russia, this attack could spell doom for an industry that simply can't keep up with the evolving tactics of its attackers.
The reality is that ransomware remains a serious problem in the online community, and no viable solution has been suggested as of yet. Paying the ransoms has been widely considered a bad idea, but what are businesses to do about all that lost data?
Simply put, all you can do is be as safe as possible. Businesses can employ password managers, VPNs, and remote access software to bolster their overall security, but hacker gangs like REvil are getting more and more proficient by the day. At a certain point, a more universal solution is going to have to come into play, and we hope someone comes up with something soon.