Ransomware attacks have become far too common, and the hardest part is anticipating and preventing them. This time, over 200 companies in the United States have been affected by a ransomware attack reported on Friday, according to a cybersecurity researcher at one of the attacked firms.
John Hammond of Huntress Labs, a security research firm, has speculated that the REvil gang is behind this major ransomware attack. The group is known to be a Russian-speaking ransomware syndicate that is 100 percent capable of pulling off a crime at this scale. Other researchers in the field agreed with Hammond and added that the attackers must have compromised Kaseya, a software supplier, and used its network management package, which could spread the malware through cloud service providers, according to a report by PBS.org.
As I said, ransomware attacks are common these days at companies big and small, but something at this scale, with almost 200 U.S. companies frozen by the attack, is very rare. One interesting thing about this ransomware attack is the timing. Security researchers have noted that an attack of this scale is well planned and even better executed. It is perhaps no coincidence that the attack happened just before the Fourth of July weekend. Everyone knows that it is the holiday season and that companies would be low on staffing and IT security. Hence, it was the perfect time to pull off the attack, agrees Jake Williams, President of Rendition Infosec.
The researchers have also explored the connection with Kaseya. Hammond states that the software supplier serves enterprises and companies across the ranks, from large organizations to small businesses, on a global scale, and thus has the potential to spread the malware to businesses of any size, according to a direct message Hammond posted on Twitter. The connection drawn is that Kaseya is the perfect company for the infiltrators to target: it gives them access to widely used software through which to spread the malware, as systems update automatically through these servers.
Hammond further mentions that three of Huntress’ business partners with almost 200 companies have been encrypted and will remain so until the victims pay the ransom. Unfortunately, thousands of computers have been impacted by the attack, and the only way to free them and make them operational again is to pay the ransom amount.
It is believed that the federal Cybersecurity and Infrastructure Security Agency is looking into the matter to resolve the issue with the ransomware attack. There have been no comments from the authorities yet.