A ransomware attack on Kaseya, with the hackers demanding $70 million
Businesses around the world were affected by the breach, seizing data and demanding $70 million and it seems this attack could just be the tip of the iceberg. The Florida based company was hacked in early July and was their biggest attack on record, with businesses around the world hit, from schools in New Zealand to supermarkets in Sweden. Kaseya has been quick to respond to the hack and their cybersecurity teams have been working to regain control of stolen data.
Kaseya’s customer’s data was stolen and a ransom of $70 million was demanded for its return. This was a very serious data breach, especially as Kaseya is a managed data provider and they act to provide data services to small and medium sized businesses who don’t have their own tech departments. Kaseya regularly pushes updates its customers, but in this instance, it pushed out malicious software to its customers’ systems leading to the hack.
In the case of this data breach, the security system set up to protect customers had been targeted, leading to the breach. This is a new method for hackers to breach data systems, as they are attacking the actual defence system that is supposed to protect data and this sort of attack has not been used before.
Between 800 and 1,500 of Kaseya’s customers had been affected, although this figure could be higher. Of these victims, 145 were US customers, which included small and medium sized businesses and local and state governments. In a statement by President Biden on Tuesday, he stated that the hack had been felt by smaller businesses such as dentists and accountants, very few domestic companies had been affected.
Biden said, “It appears to have caused minimal damage to US businesses, but we’re still gathering information. I feel good about our ability to be a blessing to be able to respond.”
This hack however has been felt in other parts of the world. In Sweden, hundreds of supermarkets had to close due to their tills being rendered inoperable. Schools in New Zealand were knocked offline.
The Russian hacker group REvil has claimed responsibly for the attack. In June, they hacked the US meat producer JBS and demanded a $11 million ransom. REvil has set itself up as a provider of ransomware, where it leases out its ability to extort businesses to criminals, in exchange for a percentage of each ransom payment. REvil even offers a service to allow its victims to quickly pay ransoms.
It is not known at this stage whether Kaseya had paid the ransom, or had been negotiating with the hackers for a lower figure. If the payment had been made, it would only exacerbate a ransomware arms race. If ransoms are paid, hackers get more money to spend on improving their hacking arsenal, improving operations and acquiring better skilled hackers. When hackers know they will be paid and not get caught, they get more brazen. Therefore we will see a lot more of these attacks coming up in the future.
As these attacks are becoming much more frequent, the Biden administration has been discussing its domestic and international l responses. Biden intends to meet with officials from the department of justice, state and homeland security and other intelligence agencies to discuss the topic of ransomware and find a solution to counter it. They would meet their Russian counterparts next next to discuss this pressing concern.
In a press statement by The White House press secretary, Jen Psaki said, "As the president made clear to President Putin when they met, if the Russian government cannot or will not take action against criminal actors in Russia, we will take action or reserve the right."