
Kaseya Can Now Unlock Over 1K Businesses That Had Data Locked By REvil Ransomware

00:19 23 July 2021 Source: newsweek.com

Russian Group Responsible for JBS Meat Plant Cyberattack Goes Offline

"It could be that the server hardware failed, or that it was intentionally taken down, or that someone attacked their host," a threat researcher said. REvil's dark web data-leak site and ransom-negotiating portals went dark, cybersecurity researchers said. The group drew global attention when it attacked the meat processor JBS and the software company Kaseya, damaging more than 1,000 businesses around the world.



Kaseya, the Florida-based company whose software was compromised in a devastating REvil ransomware attack in July, received a universal key that decrypts the data of all of the 1,000-plus companies and organizations targeted in the attack.

Photo: WASHINGTON, DC - JUNE 07: Deputy U.S. Attorney General Lisa Monaco arrives for a press conference with FBI Deputy Director Paul Abbate on June 7, 2021 at the Justice Department in Washington, D.C. The DOJ announced the recovery of millions of dollars worth of cryptocurrency from the Colonial Pipeline Co. ransomware attacks. © Jonathan Ernst-Pool/Getty Images

A spokeswoman for Kaseya, Dana Liedholm, did not say how the key was acquired or whether a ransom was paid, only that it came from a "trusted third party" and the company would share it with all victims.

The support on offer as Sydney Covid lockdown extends

Alongside the pandemic disaster payment and wage support for companies, the New South Wales government is providing business grants, tax relief and help for tenants. Businesses must apply for the cash via the Service NSW website and can expect the money in their accounts by the end of the month. They will be able to borrow from their bank to tide them over until then. Workers who lose hours can apply for up to $600 a week from Services Australia and can expect the money to hit their accounts within days.



Ransomware analysts offered several possible explanations for how the master key had appeared, including that Kaseya paid, that a government paid, or that victims pooled funds.

They said the Kremlin could also have seized the key from criminals and handed it over through intermediaries, or perhaps the attack's principal protagonist was never paid by the gang whose ransomware was used.

For more reporting from the Associated Press, continue below:

The Russia-linked criminal gang whose malware was used in the attack, REvil, disappeared from the internet on July 13. That likely deprived the affiliate that leased REvil's malware of potential income. Affiliates typically earn the lion's share of ransoms. While ransoms as low as $45,000 were demanded from smaller victims, the gang was believed to have been overwhelmed by more ransom negotiations than it could manage. It decided to ask $50 million to $70 million for a master key that would unlock all infections.

Australian organisations are quietly paying hackers millions in a 'tsunami of cyber crime'

The frequency of attacks and the size of ransoms being demanded have increased significantly, with estimates of over $55 million paid last year in Australia alone. For years, Australian organisations have been quietly paying millions in ransoms to hackers who have stolen or encrypted their data.



By now, many victims will have rebuilt their networks or restored them from backups.

It's a mixed bag, Liedholm said, because some "have been in complete lockdown." She had no estimate of the cost of the damage and would not comment on whether any lawsuits may have been filed against Kaseya. It is not clear how many victims may have paid ransoms before REvil went dark.

The so-called supply-chain attack of Kaseya was the worst ransomware attack to date because it spread through software that companies known as managed service providers use to administer multiple customer networks, delivering software updates and security patches.

President Joe Biden called his Russian counterpart, Vladimir Putin, afterward to press him to stop providing safe haven for cybercriminals whose costly attacks the U.S. government deems a national security threat. He has threatened to make Russia pay a price for failing to crack down but has not specified what measures the U.S. may take.

US offers rewards to stop foreign ransomware attacks

The United States on Thursday offered $10 million rewards for information on online extortionists abroad as it stepped up efforts to halt a sharp rise in ransomware attacks, which US officials say often originate in Russia. US officials say that many of the attacks originate in Russia, although they have debated to what extent there is state involvement. Russia denies responsibility. President Joe Biden raised ransomware forcefully in a summit last month with his Russian counterpart Vladimir Putin and more recently in a phone call, threatening to take action directly if Moscow does not curb cyber crime.

REvil (also known as Sodinokibi) is a private ransomware-as-a-service (RaaS) operation. REvil recruits affiliates to distribute the ransomware for them.


If the universal decryptor for the Kaseya attack was turned over without payment, it would not be the first time ransomware criminals have done that. It happened after the Conti gang hobbled Ireland's national healthcare service in May and the Russian Embassy in Dublin offered "to help with the investigation."


Hacked US tech firm secures tool to restore services

A US tech firm hit by a massive ransomware attack said it had obtained a decryption tool that allows it to unlock networks for the approximately 1,500 businesses affected. Miami-based Kaseya shut down its servers after the July 2 attack that affected businesses from pharmacies to gas stations in at least 17 countries and forced most of Sweden's 800 Coop supermarkets to lock their doors for days. "We can confirm that Kaseya obtained the tool from a third party and have teams actively helping customers affected by the ransomware to restore their environments," Kaseya said in a statement released Thursday.
