On Friday, July the 2nd, a ransomware attack centred on Kaseya paralyzed hundreds of businesses on all five continents.
About the firm:
Kaseya is a Florida-based IT firm. It sells software and services, such as IT management, to third-party service providers. Kaseya systems are then used by small and medium sized businesses for their own technical departments and to ensure security for their systems.
Who are the victims?
The ransomware attack affected around one thousand businesses across the globe – those include dentists’ offices, small accounting offices and local restaurants. In Sweden, hundreds of supermarkets had to close when their cash registers were deactivated, and in New Zealand, many schools and kindergartens were disconnected. The hackers’ representative described the disruption in New Zealand as an “accident”, but they expressed no such regret about the disruption in Sweden.
The REvil hacker group have claimed responsibility for the attack. The REvil group is infamously known as “ransomware-as-a-service” providers. They supply tools for others to carry out ransomware attacks and take a cut of the profits. The group also executes some of its own attacks. It is believed that the REvil group is operating out of Eastern Europe or Russia because its representatives communicate online in Russian language and its attacks are generally designed to avoid Russian devices, experts say.
What is the cost of recovery?
The attackers requested a $70 million payment in bitcoin in exchange for a decryption tool. That tool could help victims recover from the attack. “No comment on anything to do with negotiating with terrorists in any way,” Fred Voccola, Kaseya’s chief executive officer, told in an interview for Reuters magazine. When the hackers were successful, he said, they accrued more financial resources, enabling them to acquire better equipment, improved operations, and more skilled hackers. “We are always ready to negotiate,” a representative of the hackers replied.