Background

Kaseya Hackers Demand $70 Million Following Their Massive Ransomware Attack

04/07/2021

Espionage no longer requires physical contact or close vicinity. Attacks can be carried out even when the target is thousands of kilometers away.

This time, Russia-linked hackers are suspected in a massive attack on software provider Kaseya, a Miami-based information technology company that provides IT services to small and medium-sized businesses. The hackers used their access to breach some of Kaseya's clients and, through them, those clients' own customers, setting off a chain reaction that quickly paralyzed many computers and systems.

Because many of Kaseya's customers are companies that manage internet services for other businesses, the number of victims grew quickly.

In a dark-web post, the hackers demanded $70 million in Bitcoins to restore data they are holding for ransom.

The hacker gang, REvil, is best known for hacking targets and planting ransomware. And this is by far the gang's largest campaign.

The hackers appear to have timed their crime spree to the 4th of July weekend, coinciding with U.S. Independence Day.

Kaseya

"On Friday (02.07.2021) we launched an attack on MSP providers. More than a million systems were infected. If anyone wants to negotiate about universal decryptor – our price is 70,000,000$ in BTC and we will publish publicly decryptor that decrypts files of all victims, so everyone will be able to recover from attack in less than an hour," the REvil group posted on their dark web data leak site.

REvil claims that it has compromised more than a million devices.

While there is no way of proving how many systems have been infected, the number is likely to be sizable. It is reported that more than a thousand businesses were affected.

Those businesses are located in 17 different countries, including the UK, South Africa, Canada, Argentina, Mexico, Indonesia, New Zealand, and Kenya.

The Swedish grocery chain Coop, for example, is the largest known victim; it closed most of its roughly 800 stores all day on Saturday because its registers were managed online by Visma Esscom, a Kaseya customer, which in turn was locked up.

Victims also included a number of schools, small public-sector bodies, travel and leisure organizations, credit unions and accountants.

At first, the hackers demanded $45,000 from each affected victim. A million victims would yield $45 billion in ransom demands.

However, the hackers have later demanded $70 million.

The government prefers that companies neither contact the hackers on their own nor pay any money, so as not to encourage them.

In its own announcement, Kaseya advised customers to shut down their servers temporarily to avoid being attacked or having an infected system spread the infection to other systems.

Following the hack, the White House said in a statement that President Biden has "directed the full resources of the government to investigate this incident," and urged businesses to adopt recommendations to ramp up their cybersecurity and defenses.

The President also suggested that the U.S. would respond if it was determined that the Kremlin is at all involved.

Before that, he said he had asked the intelligence community for a "deep dive" on what happened.

The FBI, which is investigating the case, asked businesses to report whether their systems had been compromised, but the agency also said that the scale of the cyberattack "may make it so that we are unable to respond to each victim individually."

It should be noted that the hack came just two weeks after President Biden sent a personal warning to Russian President Vladimir Putin during the Geneva summit, telling him to stop providing safe haven to REvil and other ransomware gangs whose extortionary attacks have targeted many in the U.S.

According to the U.S., REvil, which has been active since April 2019, provides ransomware-as-a-service, meaning that it develops the network-paralyzing software and leases it to affiliates who then infect targets; REvil then earns a share of the ransoms. U.S. officials say REvil is among the most potent ransomware gangs.

Previously, REvil has hacked JBS, one of the world's largest meat suppliers, briefly halting the company's operations across much of North America.

This hack is considered bigger than the SolarWinds hack.