Another long weekend in the United States, another ransomware attack that has left companies all around the world immobilised.
According to cybersecurity firm Huntress Labs Inc, a major ransomware attack on the technology supply chain has hit more than 1,000 organisations so far, with the number likely to rise.
This attack, the latest in a series of ransomware attacks, might be on its way to becoming the “most destructive… campaign we’ve seen so far,” cybersecurity expert Dmitri Alperovitch wrote on Twitter.
Ransomware attacks and how they work
Ransomware scrambles the targeted company’s data with encryption. The hackers leave instructions on compromised computers for negotiating ransom payments, and hand over decryption keys for those files once they have been paid.
Data-theft blackmail is now being used by ransomware criminals. They may discreetly copy important files before encrypting them and threaten to release them publicly unless they receive their ransom money.
What are supply-chain attacks?
The most recent ransomware attack targeting Kaseya clients combines a ransomware attack with a supply-chain attack, which generally includes inserting malicious code inside a software update that is automatically distributed to thousands of businesses.
According to Kaseya, the ransomware targeted its network monitoring software; however, since many of its clients offer extended IT management services, a significant number of companies are expected to be affected.
Until recently, the best-known supply-chain attack was the one that targeted the software company SolarWinds, which has been linked to a group of elite Russian hackers. The motivation, however, was different: it was a major espionage operation aimed at government agencies and others, not a money-laundering scheme.
On Twitter, Alperovitch added that the Friday strike against software firm Kaseya, whose clients have an enormous number of customers, implies there might be a “huge number of victims all over the world” and “entire networks encrypted” with “no way to decrypt today without paying millions per network of any significant size” to the culprits, who are thought to be associated with the cybercriminal gang REvil.