Following the Kaseya Attack, US Says It Will Take Action Against Ransomware Hackers If Russia Won’t
A New Meeting Between US and Russian Officials Will Take Place Next Week.
Last updated on July 7, 2021
On Tuesday, White House Press Secretary Jen Psaki declared that while the massive REvil ransomware attack on Kaseya VSA servers is not imputed to anyone so far, the Biden administration will take action if the Russian president doesn’t suppress the cybercriminal activity within his country.
Now, in this case, the intelligence community has not yet attributed the attack. The cybersecurity community agrees that REvil operates out of Russia with affiliates around the world.
Psaki also stated that high-level US and Russian representatives will have a new meeting next week in order to tackle the latest cyberattacks that have targeted American companies during this year.
The White House Press Secretary said during a briefing on the Biden administration’s policy agenda:
We have undertaken expert level talks that are continuing. We expect to have another meeting next week focused on ransomware attacks.
As the President made clear to President Putin when they met, if the Russian government cannot or will not take action against criminal actors residing in Russia, we will take action or reserve the right to take action on our own.
The reprehension came after a three-day summit of G7 leaders in Britain that also called on Moscow to “stop its destabilizing behavior and malign activities” and conduct an investigation into the use of chemical weapons on Russian soil.
Soon after the news briefing, Biden weighed in about the supply-chain ransomware attack coordinated by the REvil ransomware group saying it “appears to have caused minimal damage” to U.S. organizations.
REVil Is Now Demanding $50 Million from Kaseya
Yesterday, Kaseya also declared the attack “had limited impact” as it hit fewer than 60 managed service providers (MSPs) using its VSA remote monitoring and management software.
REvil claims to have encrypted more than 1,000,000 systems in this large-scale supply-chain attack and decided that the price for decrypting all systems would be $70 million in Bitcoin in exchange for the tool that allows all affected businesses to recover their files.
At the moment, the ransomware gang is asking for $50 million for a universal decryptor.
REVil is now asking for $50 million (lower than previously reported $70 million). Quickly lowering prices makes me wonder if they’re getting desperate. pic.twitter.com/crbubdw48g
In total, the company said the cybercriminals compromised up to 1,500 businesses across the globe and “this attack was never a threat nor had any impact to critical infrastructure,” even though CISA considers the Information Technology Sector as a critical infrastructure sector.
The federal agencies are advising the affected MSPs to make sure to further check their systems for signs of compromise by making use of a detection tool provided by Kaseya over the weekend and also to enable multi-factor authentication (MFA) on as many accounts as possible.
Meanwhile, don’t forget that even if a ransomware strain does make its way into your system, it is powerless to act if you have an encryptor blocker installed. Heimdal™’s Ransomware Encryption Protection is a powerful solution that protects your endpoints from any unauthorized encryption attempt.
Neutralize ransomware before it can hit.
Heimdal™ Ransomware Encryption Protection
Specifically engineered to counter the number one security risk to any business – ransomware.
Blocks any unauthorized encryption attempts;
Detects ransomware regardless of signature;
Universal compatibility with any cybersecurity solution;
As a Senior Content Writer and Video Content Creator specializing in cybersecurity, I leverage digital media to unravel and clarify complex cybersecurity concepts and emerging trends. With my extensive knowledge in the field, I create content that engages a diverse audience, from cybersecurity novices to experienced experts. My approach is to create a nexus of understanding, taking technical security topics and transforming them into accessible, relatable knowledge for anyone interested in strengthening their security posture.