The damage to US businesses from the biggest ransomware attack of all time seems minimal, claims the Biden government.
WASHINGTON – President Joe Biden said Tuesday that the damage to US companies from the largest ransomware attack in history appears minimal, although the information is incomplete. The company whose software was exploited said fewer than 1,500 companies worldwide appeared to be compromised, but cybersecurity experts warn the incident is not over yet.
Also on Tuesday, a security researcher who chatted online with representatives of the Russia-affiliated REvil gang behind the attack said they claimed to have stolen data from hundreds of companies but did not provide any evidence.
Answering a question from a reporter at a vaccination-related event at the White House, Biden said his national security team informed him Tuesday morning about the attack, which exploited a powerful remote management tool from Miami-based software company Kaseya in what is known as a supply-chain attack.
“It appears to have done minimal damage to US companies, but we are still collecting information,” said Biden. “And I’ll have more to say about that in the next few days.” An official with the Cybersecurity and Infrastructure Security Agency, speaking on condition that they not be further identified, said no federal agencies or critical infrastructure would be affected.
On Wednesday, Biden and Vice President Kamala Harris will host an interagency meeting to discuss government efforts to combat ransomware.
White House spokeswoman Jen Psaki promised retaliation. What Biden said to President Vladimir Putin in Geneva last month still applies: “If the Russian government cannot or does not want to take action against criminal actors based in Russia, we will take action or reserve the right to take action ourselves.”
What kind of action that would be is unclear.
Biden has repeatedly said that the Kremlin is responsible for providing safe haven for ransomware criminals, even if it is not directly involved. There is no evidence that Putin acted against the gangs. Psaki said Russian and US officials would meet next week to discuss the matter.
In a further sign of the geopolitical interests at play in cyberspace, the Republican National Committee said Tuesday it was informed over the weekend that one of its contractors had been breached, although it was not immediately clear by whom. The RNC said no data was accessed. Contractor Synnex said separately that the measure “could possibly be related to recent cybersecurity attacks by managed service providers,” a likely reference to last week’s breaches.
Friday’s attack disabled businesses in at least 17 countries. It closed most of the Swedish co-op chain’s 800 supermarkets over the weekend because the registers stopped working, and reportedly shut down more than 100 New Zealand kindergartens.
Kaseya said it estimates that only about 800 to 1,500 of the estimated 800,000 to 1,000,000 mostly small-business end users of its software were affected. They are customers of companies that use the Kaseya Virtual System Administrator, or VSA, product to fully manage their IT infrastructure.
However, cybersecurity experts said it is too early for Kaseya to know the real impact of the attack, which was launched on the eve of the July 4th holiday weekend in the US.
Ransomware criminals infiltrate networks and sow malware that cripples them by encrypting all of their data. Victims receive a decryption key when they pay. Most ransomware victims do not publicly report attacks or reveal whether or not they have paid a ransom. In the United States, state law requires breach disclosure when personal information that could be used for identity theft is stolen. Federal law requires disclosure when health records are exposed.
Security researchers said that in this attack, the criminals did not appear to have had time to steal data before locking networks. That raised the question of whether the motivation behind the attack was profit alone, since extortion through the threat of revealing sensitive stolen data increases the chances of large payouts.
However, Ryan Sherstobitoff, head of threat intelligence at cybersecurity firm Security Scorecard, said REvil representatives claimed Saturday to have stolen data from hundreds of companies and threatened to sell it if ransom demands of up to $5 million for major victims – they were seeking $45,000 per infected computer – were not met.
“The operators claim so, although there is not necessarily direct evidence,” added Sherstobitoff, who said he disguised himself as a victim to engage with the criminals. He said the criminals claimed banks were among the victims.
REvil offered a universal software decryptor to free all victims for a lump sum of $50 million, he added. On Sunday that sum rose to $70 million in a post on the criminals’ dark web site.
Analysts say the havoc ransomware criminals wreaked over the past year – hitting hospitals, schools, local governments and other targets at a rate of about one every eight minutes or so – serves Putin’s strategic agenda to destabilize the West.
Most of the more than 60 Kaseya customers affected, according to company spokeswoman Dana Liedholm, are managed service providers (MSPs) with multiple downstream customers.
“Given the relationship between Kaseya and MSPs, it is not clear how Kaseya would know the number of victims affected. The numbers are by no means as low as Kaseya claims,” said Jake Williams, chief technical officer of cybersecurity firm BreachQuest. Other researchers also questioned Kaseya’s visibility into crippled managed service providers.
The hacked VSA tool remotely manages customer networks and automates security and other software updates. In essence, a network protection product was cleverly used to spread malware.
In an interview on Sunday, Kaseya CEO Fred Voccola estimated the number of victims to be “the low thousand”. The German news agency dpa had reported that an unnamed German IT service provider had informed the authorities that several thousand of its customers had been compromised. Two Dutch IT service companies were also among the reported victims.
A wide range of businesses and government agencies appear to have been hit on every continent, including in financial services, travel and leisure, and the public sector – albeit few large companies, said cybersecurity firm Sophos.
Liedholm, the spokeswoman for Kaseya, said the vast majority of the company’s 37,000 customers have not been affected and the company expects to release a patch on Wednesday.
REvil, previously best known for extorting $11 million from meat processing giant JBS after hobbling it on Memorial Day, broke into at least one Kaseya server after identifying a “zero day” vulnerability, cybersecurity researchers said.
Dutch researchers said they alerted Kaseya to the zero day and a number of “serious vulnerabilities” prior to the attack. Neither they nor Kaseya would say how far in advance.
Associated Press reporters Darlene Superville and Eric Tucker in Washington and Alan Suderman in Richmond, Virginia contributed to this report.