On Sunday 4th July, the REvil group confirmed it was behind the recent Kaseya hack, which occurred two days prior. A post on a dark web blog frequently associated with the group (we recommend using a VPN before browsing onion domains) demanded a $70M ransom in BTC. This makes the Kaseya hack the largest ransomware attack in history.
The full implications of this attack are not yet known, but we expect it to have far-reaching effects. However, considering that President Joe Biden “directed the full resources of the government to investigate this incident” according to a statement from the White House, we can safely assume that the national risk this event poses to businesses and the government itself is enormous.
The Kaseya hack – what happened?
Since Kaseya provides cloud-based solutions and remote monitoring software, it is used by many companies around the world. Although many small and medium-sized businesses use it, most of these have gross revenue of over $1M per year, making Kaseya an obvious target for hackers.
So, what exactly happened? REvil, the group of hackers believed to be behind the supply-chain attack, gained access to Kaseya’s customers’ systems after exploiting vulnerabilities in Kaseya’s software.
The hack has affected various companies, from Sweden’s Coop stores to accountancy businesses in the US. Kaseya has responded to the hack, stating that it believes only a small number of on-premise customers have been affected but has nevertheless advised all customers to keep their on-premise servers offline.
What is the REvil Group?
REvil is a Russian ransomware group behind some of the most significant attacks carried out over the past two years. The group communicates via its Happy Blog, where it posts ransom demands to companies it has breached.
What are the biggest ransomware attacks in history?
REvil’s ransom demands make the Kaseya hack the biggest ransomware attack in history. Earlier this year, CNA Financial paid hackers $40M after they gained access to the corporation’s network.
The Colonial Pipeline hack also made waves this year and caused the US government to deem ransomware a national threat akin to terrorism. However, compared to the $70M REvil is asking from Kaseya, the $4.4M Colonial Pipeline payout looks small.
Who is at risk of ransomware?
You may believe that hackers are only interested in carrying out ransom attacks on wealthy corporations. However, this is not the case, and ransomware affects both large and small businesses as well as innocent individuals.
While there are many different types of ransomware, the goal of each is the same: to block access to someone’s computer system or network and release it only when a ransom has been paid. This means that even individual internet users’ systems can be taken over by this malicious software, leaving them unable to access important files.
As this recent incident shows, ransomware is becoming a severe threat that even the US government is unsure of how to tackle effectively. Therefore, it is more important than ever to equip yourself with the right privacy tools when using the internet. Make sure you never surf the web without active antivirus software and try to use a VPN to hide your IP address when possible.