A Swedish grocery chain. An outpatient surgical center in South Carolina. A mid-size Florida law firm.
A massive cyberattack timed to coincide with the US July 4 holiday weekend has locked up the IT systems of “well over 1,000 businesses” across the world, according to the US cybersecurity firm Huntress Labs. Experts say the breach could turn out to be the largest ransomware attack ever.
The Kaseya breach spreads globally
It all started with a Miami, Florida-based IT services company called Kaseya, which provides security software for scores of large-scale cybersecurity contractors, which in turn sell their security services to thousands of businesses worldwide. After hackers breached Kaseya’s servers on Friday (July 2), they were able to quickly leap into at least 40 cybersecurity contractors’ systems. From there, they infected hundreds of businesses with ransomware over the weekend.
The attack encrypted infected businesses’ data, locking those firms out of their own IT systems. The hackers demanded ransoms of $50,000 from smaller companies and $5 million from larger companies in exchange for a special key that would allow them to decrypt their data and resume normal operations.
Most of the affected companies were in the US, but the cyber chaos also spread internationally. Swedish grocery chain Coop was forced to close 500 supermarkets on Saturday (July 3) after the hack knocked its cash registers offline. The company was able to reopen many of its stores the following day by asking customers to use a “scan & pay” app on their smartphones to pay for their groceries.
REvil may be responsible for the Kaseya attack
Cybersecurity experts were quick to blame the attack on Russia-based hacking group REvil—the same gang that shut down JBS, the world’s largest seller of meat in June, and successfully extorted the Brazilian company for an $11 million ransom.
REvil is one of several ransomware gangs operating with relative impunity out of Russia, where authorities typically turn a blind eye to hackers, so long as they focus their pillaging on the regime’s geopolitical rivals. In June, US president Joe Biden called on his Russian counterpart Vladimir Putin to crack down on cybercriminals, and warned that if Russia did nothing to stop the attacks, the US would be forced to respond “in a cyber way.”
Biden has ordered a probe of the Kaseya attack, but stopped short of blaming REvil or Russia directly. “The initial thinking was it was not the Russian government but we’re not sure yet,” he said on July 3, according to Reuters. “If it is either with the knowledge of and/or a consequence of Russia then I told Putin we will respond.”
Ransomware attacks are on the rise
This weekend’s hack is the latest in a recent boom of ransomware attacks, most prominent among them the May shutdown of the Colonial Pipeline, which disrupted fuel supplies across the US east coast. The attacks have surged during the pandemic, as criminals targeted hospitals and other key public infrastructure. In 2020, ransomware attacks rose 715% year over year, according to one estimate from the cybersecurity firm Bitdefender.
The spate of hacks has prompted fresh debate over whether companies should pay ransoms to cyber criminals. Law enforcement agencies and cybersecurity experts warn that the multi-million-dollar ransom payments have turbocharged hacking gangs’ growth and incentivized more criminals to enter the field seeking big scores. The payments have also put a strain on insurance companies that offer cyber policies; in response, they’ve sharply raised premiums on companies over the past year.