In a chilling update to the massive ransomware attack that was reported on Saturday, it has now been revealed that as many as 1,000 US companies may have been targeted and compromised.
The latest wave of ransomware attacks was identified after it was revealed that systems at the Miami-based IT firm Kaseya were compromised.
Kaseya had said the attack was limited to a very small percentage of its customers who use its VSA software. However, according to cybersecurity firm Huntress Labs, the attack has affected some 1,000 companies. Kaseya's signature software was manipulated to encrypt more than 1,000 companies, the cybersecurity firm said.
Millions of Dollars Demanded
The hackers have demanded ransom payments of thousands or millions of dollars, the report says.
Meanwhile, President Joe Biden ordered US intelligence agencies to investigate who carried out the attack.
According to John Hammond, a senior security researcher with Huntress, the current attack was the handiwork of REvil, a Russian-speaking criminal syndicate. "Based on everything we are seeing right now, we strongly believe this (is) REvil/Sodinokibi," Hammond said.
REvil was blamed by the FBI in May for the ransomware attack on a Brazilian meat-packing conglomerate. The hack had disrupted meat processing and deliveries in the US, Canada and Australia.
Biden did not make any direct accusations but brought up the Russia angle while interacting with the press. He said the authorities were not certain who was behind the attack. "The initial thinking was it was not the Russian government but we're not sure yet," he said. He would rather leave it to the intelligence agencies to determine who was behind the attack, adding that action would be initiated if it was found that the Russians were behind it.
"If it is either with the knowledge of and/or a consequence of Russia then I told Putin we will respond," Biden said, drawing attention to summit talks with the Russian President in Geneva last month, in which Biden raised the issue of cyberattacks.
How the Cyberattack Played Out
The ransomware attackers hijacked Kaseya's technology management software, which is widely used by companies. The hackers then encrypted the files of the customers.
The US Cybersecurity and Infrastructure Security Agency said it was trying to understand the supply-chain ransomware attack against Kaseya's VSA product.
The attack was not limited to American companies. A Swedish grocery chain reported that a tool used to remotely update its checkout tills was affected by the attack and payment services were down. "We have been troubleshooting and restoring all night, but have communicated that we will need to keep the stores closed today," the spokesperson of Coop told Swedish Television.
Swedish Defence Minister Peter Hultqvist said the attack showed why business and state agencies needed to do more to stop ransomware attacks.
"In a different geopolitical situation, it may be government actors who attack us in this way in order to shut down society and create chaos," he said, according to CNA.