Heimdal
article featured image

Contents:

On Tuesday, White House Press Secretary Jen Psaki declared that while the massive REvil ransomware attack on Kaseya VSA servers is not imputed to anyone so far, the Biden administration will take action if the Russian president doesn’t suppress the cybercriminal activity within his country.

Now, in this case, the intelligence community has not yet attributed the attack. The cybersecurity community agrees that REvil operates out of Russia with affiliates around the world.

Source

Psaki also stated that high-level US and Russian representatives will have a new meeting next week in order to tackle the latest cyberattacks that have targeted American companies during this year.

The White House Press Secretary said during a briefing on the Biden administration’s policy agenda:

We have undertaken expert level talks that are continuing. We expect to have another meeting next week focused on ransomware attacks.

As the President made clear to President Putin when they met, if the Russian government cannot or will not take action against criminal actors residing in Russia, we will take action or reserve the right to take action on our own.

Source

Last month, G7 leaders urged Russia to take action against threat actors conducting cyberattacks and using ransomware from within its borders.

The reprehension came after a three-day summit of G7 leaders in Britain that also called on Moscow to “stop its destabilizing behavior and malign activities” and conduct an investigation into the use of chemical weapons on Russian soil.

Soon after the news briefing, Biden weighed in about the supply-chain ransomware attack coordinated by the REvil ransomware group saying it “appears to have caused minimal damage” to U.S. organizations.

REVil Is Now Demanding $50 Million from Kaseya

Yesterday, Kaseya also declared the attack “had limited impact” as it hit fewer than 60 managed service providers (MSPs) using its VSA remote monitoring and management software.

REvil claims to have encrypted more than 1,000,000 systems in this large-scale supply-chain attack and decided that the price for decrypting all systems would be $70 million in Bitcoin in exchange for the tool that allows all affected businesses to recover their files.

At the moment, the ransomware gang is asking for $50 million for a universal decryptor.

In total, the company said the cybercriminals compromised up to 1,500 businesses across the globe and “this attack was never a threat nor had any impact to critical infrastructure,” even though CISA considers the Information Technology Sector as a critical infrastructure sector.

Kaseya stated:

The attack had limited impact, with only approximately 50 of the more than 35,000 Kaseya customers being breached.

Of the approximately 800,000 to 1,000,000 local and small businesses that are managed by Kaseya’s customers, only about 800 to 1,500 have been compromised.

Following one of the most massive cyberattacks we’ve seen lately, the CISA and the Federal Bureau of Investigation (FBI) share guidance for the managed service providers (MSPs) and their customers impacted by the REvil supply-chain ransomware attack that hit the systems of Kaseya’s cloud-based MSP platform.

The federal agencies are advising the affected MSPs to make sure to further check their systems for signs of compromise by making use of a detection tool provided by Kaseya over the weekend and also to enable multi-factor authentication (MFA) on as many accounts as possible.

Meanwhile, don’t forget that even if a ransomware strain does make its way into your system, it is powerless to act if you have an encryptor blocker installed. Heimdal™’s Ransomware Encryption Protection is a powerful solution that protects your endpoints from any unauthorized encryption attempt.

Heimdal Official Logo
Neutralize ransomware before it can hit.

Heimdal™ Ransomware Encryption Protection

Specifically engineered to counter the number one security risk to any business – ransomware.
  • Blocks any unauthorized encryption attempts;
  • Detects ransomware regardless of signature;
  • Universal compatibility with any cybersecurity solution;
  • Full audit trail with stunning graphics;
Try it for FREE today 30-day Free Trial. Offer valid only for companies.
Author Profile

Antonia Din

PR & Video Content Manager

linkedin icon

As a Senior Content Writer and Video Content Creator specializing in cybersecurity, I leverage digital media to unravel and clarify complex cybersecurity concepts and emerging trends. With my extensive knowledge in the field, I create content that engages a diverse audience, from cybersecurity novices to experienced experts. My approach is to create a nexus of understanding, taking technical security topics and transforming them into accessible, relatable knowledge for anyone interested in strengthening their security posture.

CHECK OUR SUITE OF 11 CYBERSECURITY SOLUTIONS

SEE MORE