Ransomware-wielding criminals continue to hone their illicit business models, as demonstrated by the strike against customers of Kaseya. A full postmortem of the attack has yet to be issued, but one question sure to be leveled at the software vendor is this: Should it have fixed the flaw more quickly?
The REvil ransomware operation behind the massive attack centering on Kaseya, which develops software used by managed service providers, has offered to decrypt all victims - MSPs as well as their customers - for $70 million in bitcoins. Experts note this isn't the first time REvil has hit MSPs, or even Kaseya.
Kaseya, the remote IT management vendor hit by a ransomware attack that has disrupted operations for numerous customers, was close to fixing a flaw in its software before the notorious REvil operation struck. One Dutch researcher says the attackers beat Kaseya's patching efforts in a "final sprint."
U.S. President Joe Biden has ordered federal intelligence agencies to investigate the incident involving IT management software vendor Kaseya. Attackers reportedly compromised Kaseya's remote monitoring system, VSA, potentially affecting scores of managed service providers and their clients.
Since Friday afternoon, Mark Loman of Sophos has been immersed in studying the scope and impact of the ransomware attack spread through Kaseya VSA's remote management platform. And he's learned enough about it to say without reservation: This the largest ransomware attack he's seen.
REvil, aka Sodinokibi, is one of today's most notorious - and profitable - ransomware operations, driven by highly skilled affiliates who share profits with the operators. And the operators are constantly improving the malware, including porting it to Linux to target network-attached storage and hypervisors.
This edition of the ISMG Security Report features a discussion about why the head of Britain's National Cyber Security Center says the No. 1 cyber risk is not nation-state attackers but ransomware-wielding criminals. Also featured: Western Digital IoT flaws; an FBI agent tracks cybersecurity trends.
The U.S. Cybersecurity and Infrastructure Security Agency has released a Ransomware Readiness Assessment audit tool to help organizations size up their ability to defend against and recover from attacks.
In a multinational effort led by the Dutch National Police, authorities seized servers and web domains used by DoubleVPN, a Russia-based company that allegedly provided a safe operating infrastructure for cybercriminals, according to Europol.
The code used to build copies of Babuk ransomware - to infect victims with the crypto-locking malware - has been leaked, after someone posted the software to virus-scanning service VirusTotal. Whether the leak was intentional - perhaps a rival gang seeking to burn the operation - remains unclear.
Several proposed class action lawsuits against Scripps Health allege that a recent ransomware attack put personal and health information of nearly 150,000 individuals at risk for fraud. But one of the lawsuits claims that the network disruption also resulted in delay of critical patient care.
What is the life cycle of a ransomware attack, and how can organizations better detect and block them? Peter Mackenzie of Sophos, says that while many victims assume attackers first struck when systems got crypto-locked, the intruders had actually been in the network for "days or weeks."
Cryptocurrency exchange Binance says it recently assisted police in tracking down individuals accused of laundering money for the Clop ransomware group. The exchange acknowledges that illicit money from cyberattacks circulating on virtual currency exchanges is a big security problem.