In yet another malicious strike, the Russian cybercriminal gang REvil has attacked 200 US-based companies by infecting their operating machines. The attack was launched in a chain form: the gang attacked an apex software provider and spread the malware from there to linked entities. The cyberattack is believed to have infected over a million machines and disrupted operations.
ABC News reported that Kaseya, a cloud-based service provider, was the software firm that received the blow. Kaseya offers software services to several big and small businesses in the US, so a breach in the service could affect many institutions, and this is what REvil capitalized on.
The cybercriminal syndicate announced the attack on the dark web and demanded $70 million in BTC to decrypt the infected machines. Nevertheless, Kaseya has disclosed that the attack hit only a small number of its user base and has urged linked entities to shut down servers.
This is not the first time an infiltration of this nature has been recorded from the Russian ransomware gang. Recently, Colonial Pipeline Co fell victim to a similar ransomware attack and had to pay $5 million to prevent a prolonged gas crisis in the US.
An affiliate of the REvil group also struck JBS Holdings, a large meat house in the United States, on 30th May. The company had to pay $11 million as ransom.
Is Russia Responsible?
Last month, the president of the United States, Joe Biden, called on the Federal Bureau of Investigation (FBI) to investigate the repeated cyberattacks supposedly originating from Moscow. The recent attack has sporadically hit global corporations.
Analysts believe that the attack was launched on the 4th of July, a US holiday, and that the timing was no coincidence. The attackers must have presumed that staffing would be thin on that day and struck at the appropriate time.