The Russian-speaking gang that set off a chain reaction of ransomware attacks around the globe last Friday might be in a little over its head, experts tell The Daily Beast.

The hackers, known as the REvil ransomware gang, went after Kaseya, a firm which sells software to other companies. By infiltrating Kaseya’s customers, many of which are IT providers, the hackers have also been able to hit those companies’ clients with malicious software that locks them out of their machines unless they pay a ransom. The victims number in the hundreds, if not thousands, according to John Hammond, a senior security researcher at Huntress Labs, which is working with Kaseya to investigate the incident.

But the sprawl of the hack seems to be tripping up the hackers themselves. The initial ransom demands the hackers made of approximately $50,000 per victim didn’t appear to be working. By Sunday, the hackers announced they would accept a lump sum of $70 million from all the victims in order to get the businesses back up and running, the largest extortion demand that’s ever been made publicly. Hours later, though, when cybersecurity consultant Jack Cable reached out to the gang, the hackers changed their tune again, suggesting that a $50 million payment would suffice, and Cable hadn’t even asked for a price drop, he told The Daily Beast.

“It could just be that…they’re in over their head there,” said Cable, a consultant at cybersecurity consulting firm Krebs Stamos Group. “It seems like this didn’t go exactly as planned.”

Charles Carmakal, who is investigating the ransomware attack, told The Daily Beast the hackers are likely starting to feel a bit frantic as the days wane on. “They probably, from their perspective, thought, ‘holy shit, this is such an amazing, well-executed operation, we hit some number (hundreds, maybe a thousand-plus organizations), we should be making a serious payday.’ And I don’t think they’re seeing the payday,” said Carmakal, senior vice president and chief technology officer at FireEye’s Mandiant. “I think they’re super frustrated and I think they’re making mistakes in the process.”

Ransomware incidents have been on the rise in recent months, and the Russian-speaking hacking group behind the latest ransomware spree is the same one that the FBI said ground the meat supplier JBS to a halt earlier this year in another, separate incident. Americans trying to fuel up in May felt the impacts of another ransomware attack while they waited in long lines as a major supplier of fuel on the Eastern seaboard, Colonial Pipeline, worked to recover from another Russian ransomware incident. In the fallout, President Joe Biden warned Russian President Vladimir Putin last month during a summit that critical infrastructure should be off limits to cybercriminals in Russia. It’s unclear if this conversation has had any impact on the hackers’ operations.

Even if victims had tried to pay in recent days, the newly-infected would have run into some roadblocks. On Monday, they would have been greeted with an error screen and blocked from paying: ‘Something wrong…’ Whether that was intentional or a mistake, for hackers trying to swindle hundreds or thousands of companies, it sure is an odd move, says Cable, who also works at the Pentagon’s Defense Digital Service. “There has been some indications that this attack has been sloppily carried out,” Cable said.

Allan Liska, an intelligence analyst at cybersecurity firm Recorded Future, says he suspects the hacking group, which operates with a number of affiliate hackers, is likely overwhelmed by the pure scope and scale of the Kaseya ransomware incident; by Kaseya’s estimates, between 8 companies have been compromised. “It overwhelmed REvil’s already-slow pipeline even further, making it that much more difficult for them to operate,” Liska told The Daily Beast.