While many consumers were celebrating the Fourth of July, a ring of international hackers were celebrating for an entirely different reason. Over the holiday weekend, the cybercrooks locked up more than a million individual computer devices and were demanding $70 million in bitcoin as a ransom.
The hackers have been identified as REvil, the Russian group known for hacking meat supplier JBS earlier this year. This time around, REvil compromised Kaseya Limited, a U.S. software company that develops IT management software.
The hack affected many of Kaseya’s customers, including the Swedish grocery store chain Coop. It forced the company to close more than half of its 800 stores and rendered the retailer’s cash registers and self-service checkouts inoperable.
Hackers upping their game
Cybersecurity analysts worry that REvil has pushed the limits of hacking further than experts are equipped to handle. Some of Kaseya's customers are firms that oversee internet services for other companies, so REvil was able to snowball the number of victims rapidly.
While many hack attacks try to tie up a single, standalone company, REvil was able to isolate each computer in Kaseya’s list of customers and ransom it separately. Reports say that REvil’s initial ransom request was for $45,000 to unlock each individual device.
On its face, Kaseya’s situation sounds dire. However, the company said things aren’t as bad as they seem.
“While impacting approximately 50 of Kaseya’s customers, this attack was never a threat nor had any impact to critical infrastructure,” said Fred Voccola, the company’s CEO. “Many of Kaseya’s customers are managed service providers, using Kaseya’s technology to manage IT infrastructure for local and small businesses with less than 30 employees, such as dentists’ offices, small accounting offices and local restaurants.”
Added up, Voccola said only 800 to 1,500 of Kaseya’s customers were compromised by the hack out of an estimated 800,000 to 1,000,000 local and small businesses it manages. Nonetheless, Voccola said his company’s global teams were working around the clock to get our customers back up and running.
“We understand that every second they are shut down, it impacts their livelihood, which is why we’re working feverishly to get this resolved,” he said.
President Biden offers “full resources” to hacked victims
Shortly after REvil’s attack was set in motion, the U.S. government stepped in to help. Over the weekend, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) worked with Kaseya to offer some assistance to the victims of the hack.
President Biden said he was offering the “full resources'' that he has at his disposal to assist in the response. As part of the effort, FBI and CISA officials created a detection tool for small businesses that uses Kaseya’s platform to analyze their computer systems and determine whether any indicators of a hack are present.