A ransomware attack has paralysed the networks of at least 200 U.S. companies over this past weekend, according to a cybersecurity researcher whose company was responding to the incident. The researcher also points out that the attack is likely to hit more businesses as the week progresses.
The well-known and notorious REvil gang, a major Russian-speaking ransomware syndicate, appears to be behind the attack. REvil usually targets a software supplier, in this case Kaseya. The gang used Kaseya's network-management package as a conduit to spread the ransomware through cloud-service providers.
Because Kaseya’s software is used by large IT companies that offer contract services to hundreds of smaller businesses, the hack could have spread to thousands of victims. Kaseya told all of its nearly 40,000 customers to disconnect their Kaseya software immediately. The cybersecurity firm Huntress Labs said it had tracked 20 IT companies, known as managed-service providers, that had been hit. More than 1,000 of those companies’ clients, mostly small businesses, had also been affected by the hack.
The attack, still ongoing, has already hit thousands of businesses worldwide, including pharmacy chains, a railway, and hundreds of storefronts of Sweden's Coop grocery brand.
The cybercriminals were sending two different ransom notes over the weekend — demanding $50,000 from smaller companies and $5 million from larger ones.