
Russia-based hackers breach at least 1,000 businesses in large-scale ransomware campaign

A Russia-based hacking group known as REvil has compromised the computer systems of at least 1,000 businesses by targeting managed service providers, according to the cybersecurity firm Huntress Labs Inc.

Why it matters: It's a large-scale ransomware campaign — the full scope of which is not yet known — and comes on the heels of several other high-profile ransomware attacks this year.

Of note, via Bloomberg: "Such attacks can have a multiplying effect, since the hackers may then gain access and infiltrate the MSPs’ customers too."

  • The affected MSPs, platforms that provide IT management and other core network functions for businesses, and companies have not yet been named.

The latest: Victims have emerged in 11 countries so far, per cybersecurity firm ESET.

  • Grocery chain Coop’s 800+ stores in Sweden couldn’t open Saturday after the hack led cash registers to malfunction, spokesperson Therese Knapp told Bloomberg.

What they're saying: John Hammond, a cybersecurity researcher at Huntress Labs, said more than 20 MSPs have been impacted. He noted the criminals targeted software supplier Kaseya, using its network-management package to spread the ransomware.

  • “What makes this attack stand out is the trickle-down effect, from the managed service provider to the small business,” Hammond said. “Kaseya handles large enterprise all the way to small businesses globally, so ultimately, it has the potential to spread to any size or scale business.”

Cybersecurity researcher Jake Williams, president of Rendition Infosec, told AP it's no accident that this happened before a holiday weekend, when IT staffing is generally thin.

  • Hackers frequently infiltrate widely used software, then spread malware as the software automatically updates.

The privately held Kaseya is based in Dublin, with a U.S. headquarters in Miami. The Miami Herald reported Kaseya's plans to hire as many as 500 workers by 2022 to staff a recently acquired cybersecurity platform.

The big picture: The breach comes after a summit between President Biden and Russian President Vladimir Putin, during which Biden threatened to use the U.S.' "significant" cyber capabilities to respond if critical infrastructure entities are targeted by Russian hackers.

  • FBI Director Christopher Wray told Congress in June that cyber threats against U.S. businesses are increasing "almost exponentially."

Go deeper: FBI: Russia-linked REvil behind ransomware attack on meatpacker JBS


DOJ seizes 36 U.S. website domains with links to Iran in disinformation crackdown

American officials seized 36 news website domains linked to Iran's government for spreading disinformation as part of a propaganda campaign, the Department of Justice said Tuesday.

Why it matters: The action comes at a time of heightened tension between the two countries, with Iran's hardline President-elect Ebrahim Raisi on Monday ruling out negotiating over missiles or meeting with President Biden as the two nations hold talks on returning Tehran to the 2015 nuclear deal.
