Hackers behind a major cyberattack posted a demand on a blog usually used by the REvil gang, a group of cybercriminals with links to Russia. The group has been among the most notorious extortionists in recent months.

According to Reuters, the gang demands $70 million to restore the data it is holding for ransom. The cyberattack, spotted over the weekend, targeted the US tech provider Kaseya.

Hackers are suspected of having stolen the company’s desktop management tool, VSA, which allowed them to infect the tech management provider serving thousands of businesses worldwide.

Among the first to feel the fallout of the attack was the Swedish Coop grocery store chain, forced to close all 800 of its stores since the attack prevented the company from using its cash registers.

Data gathered by ESET indicates that the Kaseya attack is similar to the infamous SolarWinds attack since both can be categorized as supply-chain attacks.

“As with the SolarWinds incident, this latest attack uses a two-step malware delivery process sliding through the back door of tech environments,” ESET researchers claim.

However, the cybercriminals behind the recent attack had a clear monetary goal, whereas perpetrators of the SolarWinds attack had cyberespionage in their sights.

According to ESET, the ransomware used in the Kaseya attack points to the REvil cartel since the malware used in the attack was identified as a product of Sodinokibi, a different name for the REvil gang.

Multiple countries have been affected, with the US, Canada, UK, Mexico, Germany, Spain, New Zealand, Argentina, and others named among those that suffered from the recent attack.

REvil has been extremely notorious in recent months. The same group or its affiliates targeted the meat supplier JBS, threatening to disrupt North American food supply chains and increase food prices.

JBS paid the cartel $11 million in ransom to avoid further disruptions.

The same threat actors targeted Asarco, an Arizona mining, smelting, and refining subsidiary of Grupo Mexico, in May 2021, releasing copies of employee identity documents.

Reuters reports that earlier on Sunday, the White House said it was reaching out to victims of the outbreak “to provide assistance based upon an assessment of national risk.”

During a recent meeting, President Joe Biden told Russian President Vladimir Putin on Wednesday that certain critical infrastructure should be “off-limits” to cyberattacks.

Experts quoted by Reuters claim that multiple attack victims will likely emerge, as many small businesses and public-sector bodies were using the software targeted by the threat actors.

