Explained: Kaseya Ransomware Attack: What Makes it the Biggest Cyber Breach, and Why Does it Matter?

The Kaseya ransomware attack has shown exactly how vulnerable any business can be in today's world, and how large the impact of a single compromise can be.

Representative image of the source code of a ransomware. (Image: Flickr)

The Kaseya ransomware attack, which has made headlines around the world since it came to light on Friday, July 2, is not an average, everyday cyber incident. Already described as possibly the biggest ransomware attack to date, it sets a precedent in terms of its impact, how the attack was carried out, the number of parties potentially affected and the size of the ransom demanded. It also highlights the state of cyber security in the world we live in today, underlining that even organisations that maintain general cyber precautions and hygiene can still fall prey to increasingly sophisticated attacks, because in this case the compromise arrived through a trusted management tool rather than through any mistake of their own.

What is the Kaseya ransomware attack?

On July 2, the ransomware gang known as REvil, also called Sodinokibi, and believed to be a Russian threat actor (a group of malicious cyber attackers), deployed its ransomware through Kaseya VSA. VSA is a remote monitoring and management product sold by Kaseya, a vendor of IT management software, to multiple managed service providers (MSPs). MSPs are companies contracted by many small and medium businesses that do not have the resources or the bandwidth to run their own IT infrastructure, and therefore outsource it to a service provider.

The attack targeted the Kaseya VSA software itself, which is used by multiple MSPs, which in turn manage thousands of companies. According to estimates by cyber security experts, the total number of companies affected by the attack is up to 2,000 across the world, although Kaseya puts the number somewhere between 800 and 1,500. This is what is known as a "supply chain attack": the attackers compromised the upstream technology provider in order to reach the many downstream companies that depend on its software, so that a single intrusion fanned out across every MSP running VSA and every customer those MSPs managed.

How big is the attack, really?

For reference, the ransom demanded by REvil was $70 million in Bitcoin, roughly Rs 520 crore. That is more than six times the ransom the same gang demanded when it crippled meat supplier JBS, which paid $11 million to restore its operations and get itself back on track. The JBS attack itself ranks as one of the bigger ransomware crimes in recent times.

Swedish supermarket chain Coop was forced to close its roughly 800 stores across the country, as the attack left the entire business unable to operate its cash registers. In New Zealand, over 100 North Island schools were knocked offline and resorted to manual processes to keep operating. However, US President Joe Biden has stated, according to reports, that the Kaseya ransomware attack does not appear to have affected any critical American infrastructure or businesses, adding that experts in America are "still gathering information" and that he "feels good" about being "able to respond."

Ransom demands and data recovery

On its notorious Happy Blog on the dark web, the REvil ransomware gang made the cumulative $70 million demand in exchange for publicly releasing a universal decryption key for all victims. Kaseya chief Fred Voccola has declined to comment on whether the company intends to pay the ransom. More recently, reports indicate that affected companies are beginning to come back online, but whether any part of the ransom has been paid remains unclear.

Early reports from cyber security experts found that REvil was asking for $5 million from MSPs, and about $50,000 from the smaller businesses, to restore access to their data. While the cyber security community maintains that paying the demanded ransom only fuels more and more sophisticated cyber attacks in future, businesses often pay as the fastest way to get back on their feet. What will happen in the Kaseya case is unclear at the moment.
