Biden Announces Investigation of International Ransomware Attacks | Hacking

Joe Biden said on Saturday that he had instructed U.S. intelligence agencies to investigate a sophisticated ransomware attack that hit hundreds of American companies at the start of the July 4 holiday weekend and raised questions about the involvement of Russian gangs.

Security company Huntress said on Friday that it believes the Russia-linked REvil ransomware group is to blame. Last month, the FBI accused the same group of paralyzing meat processor JBS.

REvil has been active since April 2019, developing network-paralyzing software and renting it out to so-called affiliates, which infect targets and earn most of the ransom. Brazil-based meat company JBS said it paid a ransom equivalent to 11 million U.S. dollars, and US law enforcement has called for such groups to be brought to justice.

Visiting Michigan, Biden was asked about the hack while buying pies at a cherry orchard. The president said that “we are not sure” who was behind the attack.

“The original idea was not the Russian government, but we are not sure yet,” he said.

Biden said that he has instructed US intelligence agencies to conduct investigations and will respond if the US determines that Russia is the culprit. At the June 16 summit in Geneva, Biden urged Vladimir Putin to combat hackers from Russia and warned that if the ransomware attack continues, the consequences will be disastrous.

The hackers who attacked on Friday hijacked widely used technology management software from the vendor Kaseya, which is headquartered in Dublin and Miami. They altered a tool called VSA, which is used by companies that manage small business technology, and then encrypted the files of those providers’ customers.

Kaseya said it is investigating a “potential attack” on the VSA, which IT professionals use to manage servers, desktops, network devices, and printers. Huntress said it is tracking eight hosting providers that have been used to infect approximately 200 customers.

The impact was felt internationally. In Sweden, according to the public broadcaster, most of the 800 stores in the grocery chain Coop were unable to open because their cash registers were not working. The national railway and a large pharmacy were also affected.

“This is a huge and devastating supply chain attack,” said John Hammond, a Huntress senior security researcher, referring to an increasingly compelling technique of hijacking a piece of software to harm hundreds of thousands of users.

Fred Voccola, CEO of Kaseya, stated that the company believes that it has identified the source of the vulnerability and will “release the patch as soon as possible so that our customers can resume normal operations.”

Voccola said that fewer than 40 Kaseya customers are known to be affected, but the ransomware may affect hundreds of companies that rely on Kaseya customers.

Voccola said the issue only affects “on-premises” customers, which are organizations that run their own data centers. He said this will not affect cloud-based services that run software for customers, although Kaseya has shut down these servers as a precautionary measure.

The company stated that “customers who encounter ransomware and receive communications from attackers should not click on any links - they may be weaponized.”

Gartner analyst Katell Thielemann said that it is clear that Kaseya “reacted very cautiously. But the reality of this incident is that it is structured to maximize the impact of supply chain attacks and extortion. A combination of software attacks.”

To complicate the response, the attack occurred at the beginning of an important holiday in the United States, when most corporate IT teams were understaffed. Threat intelligence analyst James Shank said this may prevent organizations from addressing other security vulnerabilities, such as dangerous Microsoft bugs affecting print job software.

“Kaseya’s customers are in the worst situation,” Shank said. “They are racing against time to get updates on other critical errors.”

Shank said, “It is reasonable to think that this schedule is for the holidays.”

The U.S. Cybersecurity and Infrastructure Security Agency (Cisa) stated that it “is taking action to understand and resolve the recent supply chain ransomware attack.” Such attacks have risen to the top of the cybersecurity agenda since the United States accused hackers of acting on the instructions of the Russian government and tampering with network monitoring tools developed by Texas software company SolarWinds.

On Thursday, US and British authorities stated that Russian spies accused of interfering in the 2016 US election had abused virtual private networks (VPNs) to target global organizations for most of the past two years. The Russian Embassy in Washington denied the accusation.
