REvil Supply Chain Ransomware Attack Hits 200 US Companies

The cybercriminal group known as REvil, infamous for its ransomware activities, executed another successful attack on a disturbing scale late last week.

Security researchers with Huntress Labs stated they believe the attack that affected at least two hundred US businesses is the work of the REvil cyber gang. This time the hackers did not work to infiltrate each company's network individually.

Instead, they pulled off what is commonly called a "supply chain attack". REvil abused a legitimate software supplier company called Kaseya. Kaseya delivers network management and IT infrastructure products and services to a large number of customers, ranging from average businesses to big companies.

Of course, Kaseya issued an official statement and a warning for server owners to shut down any and all servers running the software package that REvil used as the middle-man to execute the attack. The company also shut down its own software-as-a-service platform in response to the REvil activity.

Kaseya initially intended to bring its SaaS back online by early morning on July 7th, but The Register reported today that the process has been delayed by "at least ten hours".

The REvil ransomware gang asked for a stunning $70 million in ransom payment. The demand may seem ludicrous, given that JBS, America's largest meat supplier, was hit by REvil about a month ago and in that attack the ransom demand was $11 million. The catch here is that by using a supply chain attack in this new incident, REvil affected hundreds of businesses, not just in the US but across the world.

Not just internal business networks but also schools and supermarkets have been left hanging. Reuters reported that as collateral from the same attack, Swedish supermarket chain Coop was forced to close the doors of 800 of its stores, as the Internet-connected cash registers would simply not work.

Yahoo News quoted security expert Brett Callow who claimed that while there have been ransomware attacks that employed similar supply chain attack methods, they have all been "fairly minor" compared to the scale of the latest REvil job.

The timing of the attack seems to have been pre-meditated as well, as it coincided with the 4th of July Weekend holidays in the US, making rapid response to the threat more difficult than usual.

July 7, 2021