Worldwide, between 800 and 1,500 companies and organizations have fallen victim to the chain attack carried out last Friday by the REvil hackers. The exact extent and the damage caused by the Russian hackers is as yet unknown. It is also unclear whether Kaseya is negotiating with the attackers.
Fred Voccola, the CEO of IT service provider Kaseya, opens up to Reuters news agency about the supply chain attack.
The number of victims of supply chain attack is rising fast
As time goes on, we learn more and more about REvil’s cyber attack. This was launched worldwide on Friday evening Dutch time. The attackers took advantage of a zero day exploit in VSA. This is software that is used by thousands of ICT service providers worldwide to remotely manage servers and computer systems of customers. This vulnerability left the door wide open to install ransomware. The ransomware ensured that systems were locked and data was no longer accessible to employees.
We already knew that hundreds of companies and organizations had fallen victim to the leak. For example, the supermarket chain Coop in Sweden was forced to close hundreds of branches because the checkout system was down. In New Zealand, schools and childcare centers were unable to offer their services as a result of the attack. In total there were victims in 17 countries, including the Netherlands .
The director of Kaseya tells Reuters that between 800 and 1,500 agencies have been affected by the supply chain attack. Voccola cannot say whether vital organizations such as providers or banks have become the target. “We don’t look at the critical infrastructure. That’s not our job. We are not responsible for AT&T’s network, or emergency lines for emergency services,” the chief executive told Reuters.
CEO does not want to say anything about possible ransom payments
Another tricky point that Voccola does not want to say much about is the ransom. REvil posted a message on the dark web Sunday evening that they were willing to publish a universal decryption key. This means that the affected companies and organizations will be operational again ‘within an hour’. The hacker group is demanding $70 million in bitcoin for the decryptor . An anonymous hacker tells Reuters that REvil is willing to lower the opening bid. “We are always open to negotiations,” said the hacker.
He declined to say whether Voccola is willing to accept the hackers’ offer. “I can’t answer that question with ‘yes’, ‘no’ or ‘maybe’. I am not saying anything about possible negotiations with terrorists.” The CEO also declined to comment on whether representatives from the White House, FBI or CISA had advised him not to pay, which is the official position of the US government and security services.
Voccola says there is no evidence that the hackers had access to Kaseya’s systems. Cybersecurity experts suspect that the attackers eavesdropped on the company’s communications and learned from the vulnerability in the VSA software. The chief executive promises to provide more details about the supply chain attack once the issue is resolved.
Paying ransom to hackers is controversial
Paying ransom to hackers and cyber criminals is a controversial topic in the US, just like in our country. The idea is that paying sends the message that crime pays. Moreover, paying ransom maintains criminals’ revenue model. Colonial Pipeline, one of the largest oil companies in the US, recently paid $4.4 million to DarkSide to end a ransomware attack. General manager Joseph Blount said he did so out of national interest.
Meat producer JBS recently paid a whopping $ 11 million to get rid of hackers. “It was a very difficult decision to make for our company and me personally. However, we felt that we should make this decision to avoid any risk to our customers,” CEO Andre Nogueira defended his decision to pay the ransom.
Attack almost repulsed by Dutch hackers
Voluntary security experts and ethical hackers from the Netherlands almost succeeded in repelling REvil’s attack . The Dutch Institute for Vulnerability Disclosure (DIVD) discovered a leak in Kaseya’s software. They contacted the company to fix the vulnerability. For days, both parties worked together on a solution.
But last Friday night, the high-profile supply chain attack suddenly took place. “If we had had a little more time, we would have succeeded,” DIVD members Wietse Boonstra and Frank Breedijk told Vrij Nederland.
Dave Maasland, director of the Dutch branch of security company ESET, has told various media that the attackers have been smart. “To enter the companies, they looked at which ‘toolbox’ the affected IT companies use, which software to perform remote maintenance.” As a result, the attackers managed to inflict hundreds of victims in a short time. According to the security specialist, there is little that victims can do against these kinds of attacks.
Catch up on more articles here
Follow us on Twitter here