The July 4th weekend is usually a time of rest and festivities. For many business owners and IT workers, however, the weekend brought only frustration and fear, as a Russia-based hacking group was able to seize control of thousands of businesses' files in an incredibly extensive ransomware attack, according to The Washington Post.
The group, known as REvil, is seeking a ransom of $70 million in exchange for a decryptor key that will allow victims to reaccess their files.
A massive undertaking
REvil was able to gain access to files by exploiting a vulnerability in a software update from the IT company Kaseya. Kaseya's software is used by IT companies known as Managed Service Providers (MSPs) to help clients oversee their networks. By working their way into this IT supply chain at the source, the hackers were able to utilize MSPs to spread ransomware to their customers. Exploits like this are known as "supply chain attacks."
While the first signs of the attack were noticed July 2, experts believe that far more businesses will come forward in the days ahead, as owners come back from the holiday weekend and attempt to access their data. The attack has already impacted thousands of businesses, many of them smaller organizations, across multiple sectors. One of the largest companies affected was the Swedish grocery chain Coop, which was forced to close hundreds of stores because employees were locked out of cash registers.
While the FBI said in a public statement that it was investigating the attack, it warned that it may not be able to respond to individual requests because of the high number of victims. The agency did, however, encourage impacted businesses to report that they had been hacked, so that the agency could ultimately understand the full scope of the attacks.
"Please include as much information as possible to assist the FBI and CISA in determining prioritization for victim outreach. Due to the potential scale of this incident, the FBI and CISA may be unable to respond to each victim individually, but all information we receive will be useful in countering this threat," the statement read.
Kaseya has also admitted that its vulnerability was REvil's initial entry point, calling it a "sophisticated cyberattack."
History of hacking
While last week's cyberattack may go down as REvil's most notorious yet, the hacking group has carried out similar exploits against major corporations before. Most recently, the group made the news for targeting global meat supplier JBS with a ransomware attack.
According to WIRED Magazine, part of the reason REvil goes after high-profile companies, despite the risk, is that the group licenses out its ransomware attacks for other hackers to use, so long as the group gets some credit and compensation. This model spreads REvil-created threats rapidly, with far more limited exposure to the hackers in the group themselves.
While battling threats from further up the supply chain can be a challenge for businesses, employing the right network solutions and following basic cybersecurity best practices can be a step in the right direction.
Cybersecurity you can trust
One of the easiest and most important ways to shore up your network is by ensuring all of your applications are protected by modern, secure identity frameworks. This can include multi-factor authentication, and some vendors are even moving to integrate biometric recognition technologies such as fingerprint readers.