Following the Kaseya Attack, US Says It Will Take Action Against Ransomware Hackers If Russia Won’t
A New Meeting Between US and Russian Officials Will Take Place Next Week.
On Tuesday, White House Press Secretary Jen Psaki said that while the massive REvil ransomware attack on Kaseya VSA servers has not been attributed to anyone so far, the Biden administration will take action if the Russian president doesn’t suppress cybercriminal activity within his country.
Now, in this case, the intelligence community has not yet attributed the attack. The cybersecurity community agrees that REvil operates out of Russia with affiliates around the world.
Psaki also stated that high-level US and Russian representatives will hold a new meeting next week to address the latest cyberattacks that have targeted American companies this year.
The White House Press Secretary said during a briefing on the Biden administration’s policy agenda:
We have undertaken expert level talks that are continuing. We expect to have another meeting next week focused on ransomware attacks.
As the President made clear to President Putin when they met, if the Russian government cannot or will not take action against criminal actors residing in Russia, we will take action or reserve the right to take action on our own.
Last month, G7 leaders urged Russia to take action against threat actors conducting cyberattacks and using ransomware from within its borders.
The rebuke came after a three-day summit of G7 leaders in Britain that also called on Moscow to “stop its destabilizing behavior and malign activities” and conduct an investigation into the use of chemical weapons on Russian soil.
Soon after the news briefing, Biden weighed in on the supply-chain ransomware attack coordinated by the REvil ransomware group, saying it “appears to have caused minimal damage” to U.S. organizations.
REvil Is Now Demanding $50 Million from Kaseya
Yesterday, Kaseya also declared the attack “had limited impact” as it hit fewer than 60 managed service providers (MSPs) using its VSA remote monitoring and management software.
REvil claims to have encrypted more than 1,000,000 systems in this large-scale supply-chain attack and set the price at $70 million in Bitcoin for a tool that would allow all affected businesses to recover their files.
At the moment, the ransomware gang is asking for $50 million for a universal decryptor.
REVil is now asking for $50 million (lower than previously reported $70 million). Quickly lowering prices makes me wonder if they’re getting desperate. pic.twitter.com/crbubdw48g
— Jack Cable (@jackhcable) July 5, 2021
In total, the company said the cybercriminals compromised up to 1,500 businesses across the globe and “this attack was never a threat nor had any impact to critical infrastructure,” even though CISA considers the Information Technology Sector as a critical infrastructure sector.
The attack had limited impact, with only approximately 50 of the more than 35,000 Kaseya customers being breached.
Of the approximately 800,000 to 1,000,000 local and small businesses that are managed by Kaseya’s customers, only about 800 to 1,500 have been compromised.
Following one of the most massive cyberattacks we’ve seen lately, CISA and the Federal Bureau of Investigation (FBI) have shared guidance for the managed service providers (MSPs) and their customers impacted by the REvil supply-chain ransomware attack that hit the systems of Kaseya’s cloud-based MSP platform.
The federal agencies are advising affected MSPs to check their systems further for signs of compromise using a detection tool provided by Kaseya over the weekend, and to enable multi-factor authentication (MFA) on as many accounts as possible.
Meanwhile, don’t forget that even if a ransomware strain does make its way into your system, it is powerless to act if you have an encryptor blocker installed. Heimdal™’s Ransomware Encryption Protection is a powerful solution that protects your endpoints from any unauthorized encryption attempt.