A ransomware attack by the Russia-based REvil gang on the eve of the July 4th US holiday weekend may end up being even larger than the recent SolarWinds hack, an Israeli cybersecurity expert has told The Jerusalem Post.
The supply-chain attack on IT management software provider Kaseya has been under-reported in the media due to the holiday, but may set a new precedent for future cyberattacks, said Demi Ben-Ari, Co-Founder & CTO of Tel Aviv-based security management company Panorays.
Kaseya provides IT management tools for some 40,000 customers worldwide. The company has said that REvil managed to target only about 40 of its clients, but that some of those are Managed Service Providers (MSPs) that may each work with hundreds of businesses.
“That means the viral distribution of this thing is going to be massive,” Ben-Ari said. “What has been reported so far is that more than a thousand companies have been affected, including some chains, like Swedish grocery retailer Coop, which was forced to close more than 800 stores. Their systems are literally all down.”
This attack is significantly different from the recent SolarWinds attack, which exposed sensitive data from government offices and thousands of private companies in what was possibly the largest security breach ever, Ben-Ari said. In this attack, companies are being told to pay a large ransom – in some cases, as much as $50,000 per employee at each company. “If you just multiply the numbers, the magnitude is massive,” he said.
The US government prefers that companies don’t give money to their attackers, so as not to encourage them, but many corporate ransomware victims conclude that the cost of resisting is much greater than the cost of paying.
Last month, JBS, one of the largest meat producers in the US, paid an $11 million ransom after a similar attack knocked out operations at some of its largest facilities. (The FBI has blamed that attack on REvil as well.) And in May, Colonial Pipeline, one of the US’s largest gas providers, was forced to shut down gas delivery to the East Coast until it paid the hackers $4.4 million to get back online.