WHAT IS RANSOMWARE? HOW DOES IT WORK? Ransomware scrambles the target organization’s data with encryption. The criminals leave instructions on infected computers for negotiating ransom payments. Once paid, they provide decryption keys for unlocking those files.
This time it’s affecting an untold number of small and big companies that use IT software from a company called Kaseya. High-profile ransomware attacks in May hit the world’s largest meat-packing company and the biggest U.S. fuel pipeline, underscoring how gangs of extortionist hackers can disrupt the economy and put lives and livelihoods at risk. Ransomware crooks have also expanded into data-theft blackmail. Before triggering encryption, they sometimes quietly copy sensitive files and threaten to post them publicly unless they get their ransom payments.
WHAT’S A SUPPLY-CHAIN ATTACK? The latest attack affecting Kaseya customers combines a ransomware operation with what’s known as a supply-chain attack, which typically involves sneaking malicious code into a software update automatically pushed out to thousands of organizations.
Kaseya says the ransomware affected its product for remotely monitoring networks; but because many of its clients are providers of broader IT management services, a large number of organizations is likely to be affected. “What makes this attack stand out is the trickle-down effect, from the managed service provider to the small business,” said John Hammond of the security firm Huntress Labs. “Kaseya handles large enterprise all the way to small businesses globally, so ultimately, it has the potential to spread to any size or scale business.” Until now, the best-known recent supply-chain attack was attributed to elite Russian hackers and targeted software provider SolarWinds. But the motive was different; it was a massive intelligence operation targeting government agencies and others, not an attempt to extort money.
HOW DO RANSOMWARE GANGS OPERATE? The criminal syndicates that dominate the ransomware business are mostly Russian-speaking and operate with near impunity out of Russia and allied countries. Though barely a blip three years ago, the syndicates have grown in sophistication and skill. They leverage dark web forums to organize and recruit while hiding their identities and movements with sophisticated tools and cryptocurrencies like Bitcoin that make payments — and their laundering — harder to track. Most experts have tied the Kaseya attack to a group known as REvil, the same ransomware provider that the FBI linked to an attack on JBS SA, a major global meat processor, amid the Memorial Day holiday weekend.
The News Highlights
- EXPLANATOR: Ransomware and its role in supply chain attacks
- Check the latest world news updates and information about business, finance, technology and more.
- Check the latest update on tech news
For Latest News Follow us on Google News
- Show all
- Trending News
- Popular By week