Dutch team was a day away from saving Kaseya when hackers struck; Ransomware demand hits $70 million
A group of ethical hackers from the Netherlands was trying to prevent a cyber attack at American IT company Kaseya when the massive, international ransomware attack happened on Friday, they said to Vrij Nederland. Ransomware group REvil has claimed the attack. They want 70 million dollars in Bitcoin to publish a decryptor that will release victims' files, REvil said in its Happy Blog on the Dark Web, The Record found.
Zelfs nadat president Biden heeft gezegd hier volle aandacht aan te besteden, durft REvil een dergelijk aanbod te doen.— Dave Maasland (@DaveMaasland) July 5, 2021
Deze groep deinst voor niets of niemand terug. Dat is duidelijk. pic.twitter.com/WApAdDnSjF
"If we had a little more time, we would have succeeded," members of the Dutch Institute for Vulnerability Disclosure (DIVD) said to Vrij Nederland. DIVD member Wietse Boonstra discovered the vulnerability at Kaseya while testing software at another company that used a Kaseya program to manage computers remotely. He couldn't hack the program immediately, but after a while discovered a major problem - he was able to access the system without logging in.
Within a few days, the Dutch team was working with Kaseya's top technical officer, Vrij Nederland wrote. They intended to release a software update to close that vulnerability on Saturday, but they were just too late. On Friday evening, Boonstra received a message from Kaseya that an attack was in progress, after which vulnerable customers were hastily warned to turn off their systems.
The ransomware attack affected companies worldwide, including potentially hundreds in the Netherlands. Ransomware blocks access to victims' files.
Once hit by a ransomware attack, a victim really only has two choices - pay or start over, Dave Maasland of cybersecurity company ESET Nederland said to newspaper AD. "If you don't have a backup, you really have to start all over again, without your old data," he said. "I understand that sometimes companies don't have a choice [but to pay the ransom to regain access to their files], but at the same time you have to remember that with every payment the criminals come back with better and stronger weapons."
Maasland called this attack a wake-up call for Prime Minister Mark Rutte, that the Netherlands needs a more cohesive approach to protecting itself against these types of attacks. "Rutte has to talk about this at the highest level. In the Netherlands in particular, we are extremely digitized. What if a telecom provider is hit next time? It is also important that citizens also know: this is not something that only happens digitally in the cyber world, it can affect everyone."