Kaseya Can Now Unlock Over 1K Businesses That Had Data Locked By REvil Ransomware
Kaseya, the Florida-based company whose software was compromised in a devastating REvil ransomware attack in July, received a universal key that decrypts the data of all of the 1,000-plus companies and organizations targeted in the attack.
A spokeswoman for Kaseya, Dana Liedholm, did not say how the key was acquired or whether a ransom was paid, only that it came from a "trusted third party" and the company would share it with all victims.
Ransomware analysts offered several possible explanations for how the master key had appeared, including that Kaseya paid, a government paid or victims pooled funds.
They said the Kremlin could also have seized the key from criminals and handed it over through intermediaries, or maybe the attack's principal protagonist didn't get paid by the gang whose ransomware was used.
For more reporting from the Associated Press, continue below:
The Russia-linked criminal gang whose malware was used in the attack, REvil, disappeared from the internet on July 13. That likely deprived the affiliate that leased REvil's malware of potential income. Affiliates typically earn the lion's share of ransoms. While ransoms as low as $45,000 were demanded from smaller victims, the gang was believed to have been overwhelmed by more ransom negotiations than it could manage. It decided to ask $50 million to $70 million for a master key that would unlock all infections.
By now, many victims will have rebuilt their networks or restored them from backups.
It's a mixed bag, Liedholm said, because some "have been in complete lockdown." She had no estimate of the cost of the damage and would not comment on whether any lawsuits may have been filed against Kaseya. It is not clear how many victims may have paid ransoms before REvil went dark.
The so-called supply-chain attack on Kaseya was the worst ransomware attack to date because it spread through software that companies known as managed service providers use to administer multiple customer networks, delivering software updates and security patches.
President Joe Biden called his Russian counterpart, Vladimir Putin, afterward to press him to stop providing safe haven for cybercriminals whose costly attacks the U.S. government deems a national security threat. He has threatened to make Russia pay a price for failing to crack down but has not specified what measure the U.S. may take.
If the universal decryptor for the Kaseya attack was turned over without payment, it would not be the first time ransomware criminals have done that. It happened after the Conti gang hobbled Ireland's national healthcare service in May and the Russian Embassy in Dublin offered "to help with the investigation."