According to the Associated Press, a cybersecurity company has revealed that the Russia-based REvil hacker gang launched a major ransomware cyberattack on Friday by leveraging Kaseya, a software supplier that provides network management software to more than 200 U.S. companies.
“Kaseya handles large enterprise all the way to small businesses globally, so ultimately, (this) has the potential to spread to any size or scale business,” Huntress Labs’ John Hammond said in a direct message on Twitter. “This is a colossal and devastating supply chain attack.”
The attack was thought to have been initiated through an automatic update of the Kaseya software, though the working theory hasn’t yet been confirmed.
On Friday, as a precautionary measure, Kaseya urged companies to shut down any servers running its software but added that only a small number of its client companies were affected.
Largest ransomware attack
Brett Callow, a ransomware expert at Emsisoft, a cybersecurity firm, said that no ransomware attack of such scale had ever been attempted, according to the AP.
“This is SolarWinds with ransomware,” Callow said, referring to a massive hack discovered in 2020 that may still be compromising U.S. government agencies.
Jake Williams, president of cybersecurity firm Rendition Infosec, said that REvil purposely targeted the window of time just before the July 4 weekend, when IT staffing would be especially thin because many workers commonly take vacation days around that time.
“There’s zero doubt in my mind that the timing here was intentional,” Williams said, as the AP reported.
Biden warned Putin about cyberattacks
The attack comes after Biden said last week, during his meeting with Russian President Vladimir Putin, that Russian cyberattacks needed to stop and that if they didn’t, the United States would respond appropriately.
Biden hailed the meeting as a success but came away with no concrete agreements or assurances from Putin. “I think that the last thing he wants now is a Cold War,” Biden said at a press conference following the meeting.
As Politico reported, Biden provided Putin a list of 16 sectors that are strictly off-limits for Russian cyberattacks, which led critics to question why any site would be permissible to attack.
According to Bloomberg, REvil was responsible for a ransomware attack on an American meatpacking plant in April. Another Russian hacking group, DarkSide, took down the Colonial gas pipeline for nearly a week in May before the group was caught and, as a result of U.S. government-led seizures, lost some of the Bitcoin ransom it was paid.