
US software firm moves to restart after huge ransomware attack

  • The company again pushed back its forecast for restarting its cloud-based systems
Published July 7, 2021

SAN FRANCISCO: A US software firm hit by a major ransomware attack that crippled hundreds of companies worldwide was working Tuesday to restart its servers to bring customers back online, but said it had run into further technical difficulties.

Kaseya, the Miami-based IT company at the center of the hack, said in a 10 pm (0200 GMT) update that while working to redeploy its software program "an issue was discovered that has blocked the release."

The company again pushed back its forecast for restarting its cloud-based systems, which had been expected sometime Tuesday evening following an earlier delay.

"Unfortunately, the VSA SaaS rollout will not be completed in the previously communicated timeline," the statement late Tuesday said, promising another update at 8 am Wednesday.

Earlier, Kaseya told customers to keep their systems shut down until it assures them that it is safe.

"We have been advised by our outside experts that customers who experienced ransomware and receive communication from the hackers should not click on any links -- they may be weaponized," Kaseya warned.

The unprecedented attack affected an estimated 1,500 businesses and prompted a ransom demand of $70 million.

Kaseya said its systems were being brought back online with "enhanced security measures" and "the ability to quarantine and isolate files and entire ... servers" in case of infection.

While Kaseya is little known to the public, analysts say it was a ripe target as its software is used by thousands of companies, allowing the hackers to paralyze a huge number of businesses with a single blow.

Kaseya provides IT services to some 40,000 businesses globally, some of whom in turn manage the computer systems of other businesses.

The hack affected users of its signature VSA software, which is used to manage networks of computers and printers.

Experts believe this could be the biggest "ransomware" attack on record -- an increasingly lucrative form of digital hostage-taking in which hackers encrypt victims' data and then demand money for restored access.

The Kaseya attack has ricocheted around the world, affecting businesses from pharmacies to gas stations in at least 17 countries, as well as dozens of New Zealand kindergartens.

Most of Sweden's 800 Coop supermarkets were shut for a third day running after the hack paralyzed its cash registers.

Kaseya said Monday that while fewer than 60 of its own customers were "directly compromised", it estimated that up to "1,500 downstream businesses" had been affected.

White House spokeswoman Jen Psaki said the administration was monitoring the situation amid reports that the attacks came from a Russia-based cyber gang. But she noted that "the intelligence community has not yet attributed the attack... we will continue to allow that assessment to continue."

Psaki reiterated the warning President Joe Biden gave to his counterpart Vladimir Putin about Russia harboring cybercriminals, stating that "if the Russian government cannot or will not take action against criminal actors residing in Russia we will take action, or reserve the right to take action on our own."

Going out with a bang?

REvil, a group of Russian-speaking hackers who are prolific perpetrators of ransomware attacks, is widely believed to be behind Friday's assault.

A post on Happy Blog, a site on the dark web associated with the group, claimed responsibility for the attack, saying it had infected "more than a million systems."

The hackers demanded $70 million in bitcoin in exchange for the publication of an online tool that would decrypt the stolen data.

While the hackers are thought to have been reaching out to individual victims requesting smaller payments, the unprecedented demand for $70 million has surprised analysts.

French cybersecurity expert Robinson Delaugerre suggested that REvil could be treating the Kaseya attack as a final spectacular act before going out of business.

The group was responsible for around 29 percent of ransomware attacks in 2020, according to IBM's Security X-Force unit, looting an estimated $123 million.

"Our hypothesis is that REvil is going to disappear and this is its final big act," he told AFP, predicting that the group -- which also goes by the name Sodinokibi -- could re-emerge under a new name.

The FBI believes REvil was also behind a ransomware attack last month on global meat-processing giant JBS, which ended up paying $11 million to the hackers.

The United States has been a particular target of high-profile cyber attacks in recent months blamed on Russia-based hackers, with the Colonial oil pipeline and IT firm SolarWinds among the targets.
