These REvil people are stepping up their ransomware tactics, and on Monday, U.S. government officials were maneuvering to fight the cyberattack from this weekend.
REvil, also responsible for the JBS Foods hack from a couple of months ago, targeted American IT management companies in the latest attack.
The software vendor Kaseya, who works with the IT management companies, was the focus, according to cybersecurity experts.
The New York Post wrote:
“In a post on a blog typically used by the Russian-linked REvil cybercrime gang, a group of ransomware hackers appears to have taken responsibility for the cyberattack that hit over 200 US companies Friday, demanding $70 million in bitcoin for the data to be returned.”
It has not yet been firmly established where the REvil base is located – likely Eastern Europe or Russia.
President Joe Biden, who made cybercrime a focal point during his summit last month with Russian president Vladimir Putin, has federal agents on the case.
“The fact is that I directed the intelligence community to give me a deep dive on what’s happened and I’ll know better tomorrow,” Biden said on Saturday. “And if it is either with the knowledge of and/or the consequence of Russia, then I told Putin we will respond.”
As to specific blame, Biden said: “We’re not certain. The initial thinking it was not the Russian government but we’re not sure yet.”
Kyle Hanslovan, CEO of the cybersecurity firm Huntress Labs, said in a CNN story that not only are the IT management companies affected, but also their corporate clients, adding that up to 1,000 other businesses may be affected.
“This is very new, and we don’t know the scale yet,” Hanslovan told CNN.
This hack comes on the heels of the JBS attack and one on Colonial Pipeline in May that shook up the fuel-shipment landscape on the East Coast.