South African firms hit by ransomware attack — and hackers want R1 billion
Russian ransomware group REvil launched an attack on US IT management software firm Kaseya on 4 July, initially demanding $5 million (R71 million) in bitcoin.
The supply-chain attack affected several managed service providers worldwide and is estimated to have impacted over 1000 companies.
The scale of the attack appeared to have surprised even REvil, which soon increased its ransom demand to $70 million (almost R1 billion).
Bloomberg reported that the Dutch Institute for Vulnerability Disclosure worked with Kaseya to fix the security flaws in its Virtual System Administrator software when the attack occurred. Still, the hackers were too quick and capitalised on the vulnerabilities.
Kaseya’s remote monitoring and management system is reportedly directly used by over 900 companies.
Not all the businesses affected use Kaseya’s management software, and the attack was orchestrated to identify vulnerable systems linked to each company it infiltrated.
Due to the attack being launched against the very software that Kaseya uses to manage the security and information of its customers, companies are unable to recover from the attack.
Marcus Murray, the founder of Stockholm-based cybersecurity company TrueSec Inc, said that the attack was a stroke of criminal brilliance.
“From a criminal standpoint, it’s a brilliant supply-chain target to take away the tool that’s needed to recover from the threat,” Murray stated.
“They’re not only encrypting the systems, but they’re also taking the recovery tool out of the equation.”
Sophos vice-president Ross McKerchar stated that the attack is one of the farthest-reaching ransomware attacks that Sophos has ever seen.
Sophos stated that countries from every continent were affected by the attack, including financial services, travel and leisure companies, and the public sector.
ESET security researcher, Aryeh Goretsky, said that among the 17 countries that have been hit so far are South Africa, the UK, the US, Canada, Spain, Argentina and Mexico.
So far, the biggest business that has acknowledged being impacted by the attack is the Swedish supermarket chain Coop.
Reuters reports that Coop could not open over 800 stores because the ransomware had affected its payment systems.
REvil posted a message on their dark web blog claiming responsibility for the attack and offering a universal decryptor in exchange for $70 million in Bitcoin.