

A cybercriminal gang's spree over the Fourth of July weekend ended up infecting more than 1,500 organizations around the world with ransomware, according to the cybersecurity company Huntress. But it's not the number of victims that's keeping experts up at night. The gang used a level of planning and sophistication closer to high-level, government-backed hackers, rather than a mere criminal operation, they say.

The hackers behind the spree, the Russian-speaking ransomware gang REvil, adopted two new tactics previously not used by the ransomware gangs that continually hack targets around the world, but particularly in the U.S.

Most concerning is that they even deployed a zero-day, a cybersecurity term for a vulnerability in a program that software developers aren't aware of and thus haven't had time to fix. And they didn't target a single victim, but rather a company with a small but key role in the internet ecosystem. This gave them access to potentially tens or hundreds of thousands of victims.

"What we're seeing here is the tactics of more sophisticated adversaries, like nation-states, trickling down toward these less sophisticated, more financially motivated criminal ransomware groups," said Jack Cable, a researcher at the Krebs Stamos Group, a cybersecurity consultancy.

REvil, likely best known for hacking JBS, one of the world's largest international meat suppliers, has been active since at least early 2019. Like a number of other Russian-speaking ransomware gangs, REvil has made a fortune in recent years by hacking individual organizations, locking their computers, stealing their files and demanding a payment to fix things and not leak what they stole.

REvil has previously dabbled in deploying its ransomware through a so-called supply chain attack, which exploits how interconnected internet services are. In 2019, the group successfully hacked TSM Consulting Services, a small Texas managed services provider, which handles web services for organizations that don't want to do it themselves. Soon 22 of the company's clients, all Texas towns, were infected with REvil's ransomware. The state and federal government jumped on the case, however, and the towns were eventually able to get back online without paying the ransom.

Over the weekend, however, REvil took that kind of supply chain hack to the next level. Instead of hacking a single organization, or even a single managed service provider, they hacked Kaseya, a company that specialises in handling software updates for hundreds of different providers.

That gave them access to a sizable set of victims, potentially broader than any known criminal hack in history, according to three cybersecurity experts who spoke with NBC News. So far, it appears that REvil didn't have any major impact on American life, though it did cripple several smaller American businesses, caused a major Swedish grocery store to shut down for more than 24 hours and infected 11 schools in New Zealand.

But that might be a dodged bullet, because cybersecurity experts find supply chain hacks especially worrisome, as they can quickly give hackers incredibly broad access. The U.S. discovered late in 2020 that Russia's SVR intelligence agency had hacked the U.S. company SolarWinds, potentially exposing some 18,000 customer organizations to a foreign intelligence agency's elite hackers. That was quickly deemed one of the largest supply chain hacks in history. Even after it became clear that the number of confirmed victims was likely much lower, the Biden administration rebuked Russia for the operation's scale.