The Limited Times

Ransomware: Up to 1500 companies are blackmailed by »REvil«

2021-07-07T17:46:05.906Z


The IT service provider Kaseya has admitted that companies in 17 countries have been affected by the ransomware attack that started with Kaseya. The German IT security authority speaks of a dynamic situation.


When the blackmail notice appears, it is usually too late to take action against ransomware

Photo: Frank Rumpenhorst / dpa

After one of the largest known ransomware attacks, the extent of the damage is gradually becoming clear. It appears that between 800 and 1500 companies worldwide are affected by the incident. This was confirmed by the CEO of the US IT service provider Kaseya, Fred Voccola, in an interview with the Reuters news agency. Kaseya was hacked and so became the starting point of the attack. So far, affected parties have come forward from a total of 17 countries. The victims now have to ask themselves: do they pay the blackmailers, or do they try to get rid of the malware another way?

Voccola said it was difficult to gauge the exact impact of last Friday's attack as those affected were mostly Kaseya customers. It was a so-called supply chain attack in which the criminals infiltrated a software supplier, but only struck when the programs were installed on the customers' computers - some of which are themselves IT service providers for other companies. Kaseya is currently in the process of fixing the vulnerability.

Kaseya offers software programs for companies that relieve their customers of administrative and organizational work.

The hacker group "REvil" is suspected of having hijacked Kaseya's desktop management tool VSA and installed a malicious update that infected customers of the tech management provider.

These in turn infected their own customers.

Entire accounting systems were blocked by the hackers' encryption.

So far there have been no reports of major production downtimes.

In Sweden, however, hundreds of supermarkets had to close at the weekend because their registers were not working.

Eleven schools and several kindergartens were affected in New Zealand.

Attackers want to haggle

With the ransom amount, »REvil« has broken new ground. As before, the criminals are trying to extort at least five-digit amounts from every single company - the talk is of 45,000 US dollars. The criminals are demanding a much higher amount from the platforms that redistributed the software to their customers: according to reports, it is five million dollars. At the same time, the group has published an all-inclusive offer on its own blog on the Darknet: for 70 million dollars, it will provide software with which every victim can free their data.

In the past, "REvil" had repeatedly asked for maximum sums for hacked data, but was not always successful.

Even after the latest attack, the criminals quickly showed themselves ready to reduce the required amounts.

Kaseya CEO Fred Voccola declined to comment on possible negotiations.

On Monday, the BSI announced that a second German IT service provider that had been hit by the attack had come forward.

Efforts are currently under way to clarify how many customers could be affected.

There are further reports from the cyber defense center and the Federal Criminal Police Office.

"The situation is still dynamic," said a spokesman.

According to the BSI, current knowledge indicates that neither critical infrastructure nor the federal administration is affected.

tmk / AP / Reuters

Source: spiegel
