A group of Russian hackers operating under the moniker REvil is demanding $70 million in bitcoin to unlock data they encrypted in a ransomware attack launched on July 2. The hackers targeted Miami-based Kaseya Ltd., which provides software that allows businesses to manage their computer networks. The hackers apparently exploited vulnerabilities in Kaseya’s virtual systems/server administrator (VSA), which Kaseya’s customers use to disseminate software updates throughout their respective networks. This sets the stage for a so-called supply-chain attack, a sinister cyberattack that seeks to exploit the less-secure network of a target company’s supplier to infiltrate the target’s network. By targeting Kaseya’s VSA, the hackers were able to penetrate the networks of Kaseya’s customers. Coop, a Swedish supermarket chain and Kaseya customer, was forced to close some of its stores as a result of the attack.
Supply-chain attacks present a particular concern for cybersecurity professionals, especially after last year’s sweeping SolarWinds hack, the full impact of which is still being determined. This incident is yet another reminder that companies must be vigilant and mindful not only of their own cybersecurity, but also of the network security measures implemented by their suppliers.
Nixon Peabody’s Cybersecurity and Privacy Team will continue to monitor the epidemic of ransomware attacks.