Comments: Massive ransomware attack on U.S. tech provider Kaseya, over 1,000 companies affected

Comments by: Lotem Finkelstein, Head of Threat Intelligence, Check Point Software Technologies

Ransomware attacks have grown over the last 12 months by 93%, according to Check Point Research. North America saw a 32% increase of attacks in the last six months. I don’t think we’ve seen the peak for ransomware attacks. The influx of these breaches is only going to get worse. The threat actors behind ransomware aren’t just becoming bigger, they’re becoming better at what they do.

EXTRAS: Insights and tips from Check Point Software

Are there more cyber attacks in 2021?

2021 has already broken records for cyber attacks, with an all-time high 93% increase in ransomware and an increase of over 70% in all cyber attacks in the US in just 12 months. In Singapore, the attacks have increased 40% in the last 2 months, 99% in the last 6 months, and 147% in the last 12 months. In Malaysia, the attacks have increased 24% in the last 2 months, 90% in the last 6 months, and 261% in the last 12 months.

This 4th of July weekend ransomware attack, apparently conducted by the Russian-speaking group REvil, represents a catastrophic combination of 2021’s most notorious cyber attack trends: supply chain attacks and ransomware.

REvil is one of the most prominent ransomware families on the planet, responsible for dozens of major breaches since 2019, operating under a rule to avoid attacks in the CIS.

Why did they choose this weekend and how does the attack work?

They chose this weekend and this method for a reason. They looked for a back door to over a thousand companies – one target through which they infect numerous others in a pandemic-like chain, and they picked the weekend as they know that company IT staff go offline and that companies are often on a skeleton crew, where eyes aren’t watching. This helps the threat actors in a few ways:

  • It allows the ransomware to be fully deployed before anyone notices.
  • It induces more panic during response operations if key players within the victim’s environment are unavailable to respond, possibly increasing the chances that a ransom demand will be paid.

What advice do Check Point cyber security experts have for companies that may be affected?

If you are running Kaseya VSA, unplug it from the network RIGHT NOW, although it might be too late.

  • Use EDR, NDR and other security monitoring tools to verify the legitimacy of any new files in the environment since 02 July.
  • Check with security product vendors to verify protections are in place for REvil ransomware.
  • If help is needed, call in a team of experts to help verify the situation within the environment.

This attack should sound an alarm for all companies. When you let your guard down, the attackers arrive. We should expect more attacks to strike during holidays and weekends, and with remote work generating the new normal, today’s hackers are more effective than ever.
