Hackers behind a major cyberattack posted a demand on a blog usually used by the REvil gang, a group of cybercriminals with links to Russia. The group has been among the most notorious extortionists in recent months.
Hackers are suspected of having stolen companies’ desktop management tool VSA, which allowed them to infect the tech management provider serving thousands of businesses worldwide.
Among the first to feel the fallout of the attack was the Swedish Coop grocery store chain, forced to close all 800 of its stores since the attack prevented the company from using its cash registers.
“As with the SolarWinds incident, this latest attack uses a two-step malware delivery process sliding through the back door of tech environments,” ESET researchers claim.
However, the cybercriminals behind the recent attack had a clear monetary goal, whereas perpetrators of the SolarWinds attack had cyberespionage in their sights.
According to ESET, the ransomware used in the Kaseya attack points to the REvil cartel since the malware used in the attack was identified as a product of Sodinokibi, a different name for the REvil gang.
Multiple countries around the world have been affected, with the US, Canada, UK, Mexico, Germany, Spain, New Zealand, Argentina, and others named as having suffered from the recent attack.
REvil has been extremely notorious in recent months. The same group or its affiliates targeted the meat supplier JBS, threatening to disrupt North American food supply chains and increase food prices.
JBS paid the cartel $11 million in ransom to avoid further disruptions.
The same threat actors targeted Asarco, an Arizona mining, smelting, and refining subsidiary of Grupo Mexico, in May 2021, releasing copies of employee identity documents.
Reuters reports that earlier on Sunday, the White House said it was reaching out to victims of the outbreak “to provide assistance based upon an assessment of national risk.”
Experts quoted by Reuters claim that multiple attack victims will likely emerge, as many small businesses and public-sector bodies were using the software targeted by the threat actors.