Chain-reaction ransomware attack on the Fourth of July

Anirudh Murthy

July 5, 2021

Ransomware criminals broke into networks and sow malware that cripples networks, affecting financial services, travel, leisure, and the public agencies in at least 17 countries, including the United Kingdom, South Africa, Canada, Argentina, Mexico, Indonesia, New Zealand and Kenya. This attack was claimed by an affiliate of Russia's notorious REvil gang, best known for extorting from meat processor JBS earlier this year. Experts claim that the timing before the Fourth of July weekend was intentional as IT staffing was generally thin during this time and many victims in the US may not learn about it until they are back at work and hence causing as much damage as possible. Miami-based IT firm Kaseya, which was the initial target of the attack had very few of its customers affected. But the attackers used Kaseya's software tool which handles back-office IT work like installing updates for other businesses, automating the installation of software and security updates, and manages backups and other vital tasks. Unfortunately, the vast majority of end customers of managed service providers have no idea what kind of software is used to keep their networks running, making them vulnerable. Such chain reaction attacks are leading to more widespread disruption and experts are unaware of any previous ransomware supply-chain attack on this scale.

Abridged fromABC News