
    Ransomware attack has hit more than 100 companies

    By Ratnesh Shinde, July 4, 2021

    According to a cybersecurity researcher whose company was investigating the issue, a ransomware attack paralyzed the networks of at least 200 U.S. companies on Friday, knocking them offline.

    According to John Hammond of the security firm Huntress Labs, the attack appears to have been carried out by the REvil gang, a prominent Russian-speaking ransomware group. He said that the attackers targeted a software supplier named Kaseya and used the company’s network-management package as a conduit to spread the ransomware through cloud-service providers. Other researchers concurred with Hammond’s assessment.

    In a direct message on Twitter, Hammond said, “Kaseya handles businesses of all sizes, from major corporations to tiny enterprises throughout the world. Ultimately, (this) has the potential to expand to any size or scale business. This is a massive and destructive supply chain attack.”

    Cyberattacks of this kind often penetrate commonly used software and distribute malware when the software upgrades automatically.

    At the time of posting, it was unclear how many Kaseya customers could have been affected or who they might be. In a statement on its website, Kaseya recommended that clients immediately shut down servers running the vulnerable software. According to the company, the attack was restricted to a “small number” of its clients.

    Brett Callow, a ransomware expert at Emsisoft, said he was not aware of any prior ransomware supply-chain attack of this magnitude. There have been a few others, but they have all been very small, according to him.

    His explanation: “This is SolarWinds infected with ransomware.” He was alluding to a Russian cyber-espionage campaign that was uncovered in December and spread by infecting network-management software, allowing it to infiltrate federal agencies in the United States as well as a large number of businesses.

    Jake Williams, president of Rendition Infosec, a cybersecurity research company, said he was already dealing with six organizations that had been infected by ransomware. He went on to say that it was no coincidence that this occurred before the Fourth of July weekend, when IT staffing is often thin.

    In his words, “There is absolutely no doubt in my opinion that the timing here was deliberate.”

    According to Huntress, the ransomware victims include four managed-services providers, firms that host IT infrastructure for several different clients. Ransomware encrypts networks until the victims pay off the attackers. Hammond said that thousands of PCs had been compromised.

    In the meantime, Hammond added, “We now have three Huntress partners who are impacted by about 200 firms that have been encrypted.”

    “Based on what we are seeing right now, we are certain that this (is) REvil/Sodinokibi,” Hammond said on Twitter. According to the FBI, the same ransomware provider was responsible for an attack on JBS SA, a large global meat processor, in May.

    The federal Cybersecurity and Infrastructure Security Agency (CISA) said in a statement issued late Friday that it is actively watching the situation and is collaborating with the FBI to gather additional information about the incident’s potential consequences.

    “Follow Kaseya’s instructions to shut down VSA servers immediately,” CISA advised anybody who could be affected. Kaseya operates what is known as a virtual system administrator, or VSA, which is used to remotely administer and monitor a customer’s network.

    Kaseya, which is privately held, says it is headquartered in Dublin, Ireland, with a U.S. headquarters in Miami. In an article on the company’s plans to hire as many as 500 employees by 2022 to operate a recently acquired cybersecurity platform, the Miami Herald referred to it as “one of Miami’s oldest digital businesses.”

    “This is a classic supply chain assault in which the crooks have infiltrated a trusted supplier of firms and have misused that trust to target their clients,” Brian Honan, an Irish cybersecurity specialist, said in an email sent Friday.

    It might be difficult for smaller firms to defend themselves against this sort of assault, according to him, since they “rely on the security of their suppliers and the software that those suppliers are using.”

    The one piece of good news, according to Williams of Rendition Infosec, is that “a lot of our customers do not have Kaseya installed on every workstation in their network,” which makes it harder for attackers to move throughout an organization’s computer systems. According to him, this makes recovery less difficult.

    REvil, the cybercriminal organization, has been active since April 2019. It delivers ransomware as a service, which means that it develops the crippling malware and rents it to so-called affiliates, who infect targets and keep the lion’s share of the ransoms collected.

    REvil is one of the ransomware gangs that steal data from their targets before triggering the ransomware, allowing them to increase the amount of money they can demand in ransom. According to a recent analysis by the cybersecurity firm Palo Alto Networks, the average ransom payment to the gang was about half a million dollars last year.

    Given the enormous number of victims, several cybersecurity experts expected that the gang would struggle to handle the ransom negotiations, although the long U.S. holiday weekend may give them extra time to begin working down the list.
