Another Massive Ransomware Attack

Massive Ransomware Attack May Impact Thousands of Victims

WASHINGTON (AP) — A ransomware attack paralyzed the networks of at least 200 U.S. companies on Friday, according to a cybersecurity researcher whose company was responding to the incident.

(Bloomberg) – Just weeks after President Joe Biden implored Vladimir Putin to curb cyber crime, a notorious, Russia-linked ransomware gang has been accused of pulling off an audacious attack on the global software supply chain.

REvil, the group blamed for the May 30 ransomware attack of meatpacking giant JBS SA, is believed to be behind hacks on at least 20 managed-service providers, which provide IT services to small- and medium-sized businesses. More than 1,000 businesses have already been impacted, a figure that’s expected to grow, according to the cybersecurity firm Huntress Labs Inc.

“Based on a combination of the service providers reaching out to us for assistance along with the comments we’re seeing in the thread we are tracking on our Reddit, it’s reasonable to think this could potentially be impacting thousands of small businesses,” according to John Hammond, a cybersecurity researcher at Huntress Labs.

Biden said he had ordered a “deep dive” by U.S. intelligence officials on what happened in the attacks. At this point, he said “we’re not sure” that Russia is behind them.

“I directed the intelligence community to give me a deep dive on what’s happened and I’ll know better tomorrow,” Biden said, recalling that he told Putin during their meeting in June that the U.S. would respond to cyber transgressions. He added that he hasn’t called the Russian president about the latest case.

Biden Says ‘Not Sure’ If Russia Is Behind Latest Cyberattack

“We’re not sure it’s the Russians,” he said. “The initial thinking was, it was not Russian government, but we’re not sure yet.”

Attacking MSPs is a particularly devious method of hacking, since it may allow the attackers to then infiltrate their customers as well. Hammond said more than 20 MSPs have been affected so far.

In Sweden, most of grocery chain Coop’s more than 800 stores couldn’t open on Saturday after the attack led to a malfunction of their cash registers, spokesperson Therese Knapp told Bloomberg News.

There are victims in 17 countries so far, including the U.K., South Africa, Canada, Argentina, Mexico and Spain, according to Aryeh Goretsky, a distinguished researcher at cybersecurity firm ESET.

I’m sure Biden has a rock solid plan to address the ransomware attacks.

I hope he doesn’t get in trouble when he shares it with the press.

So if we find the location of the hacker or hackers would a samurai missile be too much?

Ttt

This is the new geopolitical war, crazy how we fail to see that!

What the heck is an MSP?

Managed Services Provider.

Was it one of the 15 on the list bumbling stumbling Biden said was off limits to Putin? If so, Putin is in deep doo doo!!

It has little to do with the executive branch. Even if foreign hackers are indicted & extradited, there’s a thousand more who will fill the void.

The answer is essentially to consider all of a company’s network vulnerable. We made ourselves ransomware resistant by doing the basics: replicating everything to an isolated off site backup.

So if we get hit we’re going to spend a day standing up domain controllers and VM hosts, and then we’re back in action. Rather than negotiating six-figure payments to a bunch of fuckheads to decrypt our shit.

Why doesn’t every company do that? Because they’re cheap. Hence the reason they’re using an MSP in the first place instead of hiring competent IT teams > spending money on resources > planning for disasters, etc.

A lot of IT environments are the fucking wild-west.

Bill Gates
Windows Microsoft.
?

I actually just did a presentation on this group last week during a meeting at work.

I hate being right.

This is all just a test run for the power grid hack that is coming. The great reset is very real.

Managed Service Providers are IT companies that provide all services needed to maintain a company’s systems, on premises, cloud, and everything in between.

MSPs use tools called RMMs, remote managing and monitoring tools. They are in effect a “keys to the kingdom” solution so you can manage everything centrally. You automate patching, restarts, performance analysis, software deployment, etc.

In this case, the RMM Kaseya was owned with a supply chain attack and the MSPs using Kaseya and the MSPs’ clients are now owned.