A Russian-linked group that is counted among the cybercriminal world’s most prolific extortionists is suspected to be behind a “colossal” ransomware attack that affected hundreds of companies worldwide — just weeks after President Biden boasted about taking President Putin to task on cyberattacks.
In a post on a blog typically used by the Russian-linked REvil cybercrime gang, a group of ransomware hackers appears to have taken responsibility for the cyberattack that hit over 200 US companies Friday, demanding $70 million in bitcoin for the data to be returned.
“On Friday we launched an attack on [managed service providers]. More than a million systems were infected,” the posting on the Dark Web site Happy Blog explained.
The post, written in broken English, requested the staggering price in exchange for the group releasing information to be able to regain access to sites “in less than an hour.”
The blog is frequently used by the REvil group, which is considered among the world’s most prolific cyber-extortionists.
Reps for REvill have declined to comment further to media outlets in the wake of the attack.
Friday’s mass cyberattack — which cyber-security firm Huntress Labs has blamed on the Russia-linked ransomware gang — hit at least 200 companies at the start of the Independence Day weekend.
Swedish grocery stores, schools in New Zealand, and two major Dutch IT firms were among the victims of REvil, which launched its attack on Friday after breaching the systems of US-based software firm Kaseya.
After hitting Kaseya, a Florida-based IT company, the attack then spread through the corporate networks that use its software.
Asked about the attack while in Michigan on Saturday, President Biden urged caution as US authorities narrowed down and confirmed the source of the attack.
“We’re not sure it’s the Russians,” he said, adding that he had been briefed on the matter and had instructed the intelligence community to find out more.
“The fact is that I’ve directed the intelligence community to give me a deep dive on what’s happened, and I’ll know better tomorrow. And if it is either with the knowledge of and/or a consequence of Russia, then I told Putin we would respond,” he said.
Asked if he had already spoken to the Kremlin, Biden said he had not, as he was waiting for the intelligence community to confirm the information before acting.
He then voiced doubts from those in the intelligence community about Russia being the source of the hack.
“We’re not certain. The initial thinking was it was not the Russian government, but we’re not sure yet.”
Ransomware is a malicious software that locks up a user’s data. Hackers typically demand money, most frequently in cryptocurrency, to unlock or return the affected data.
Ransomware and other cyber attacks have skyrocketed in recent months, as US foes worldwide — unable to successfully take on America’s armed forces — turned their attention to our weaker digital defenses.
FBI Director Christopher Wray revealed last month that in the US alone, the FBI is investigating about 100 different types of ransomware.
His revelation came in the wake of the hack against JBS Foods in June, the world’s largest meat supplier, and a similar attack on Colonial Pipeline in May.
REvil was responsible for the JBS hack.
During his summit with Russian President Vladimir Putin last month, Biden said he addressed Russia’s safe harboring of cybercriminals responsible for the string of recent attacks.
House Minority Leader Kevin McCarthy (R-Calif.) referenced that back-and-forth on Twitter Saturday after news of the hack began to circulate, calling the president “soft on crime and weak against Putin.”
“Remember when President Biden gave Putin a list of things that were supposed to be off-limits for cyber attacks? What he SHOULD have said is that ALL American targets are off-limits,” the top-ranking House Republican wrote on the social media platform.
Russian hackers seemingly behind latest ransomware attack, demand $70M - New York Post
Read More
No comments:
Post a Comment