Update: The Justice Department has charged a Ukrainian man in connection with multiple ransomware attacks, including the July 2021 attack on Kaseya, according to a statement released today. It also seized about $6 million in ransom payments. The person who apparently took the payments, a Russian named Yevgeniy Polyanin, was also charged. The Ukrainian, Yaroslav Vasinskyi, was arrested last month, CNN reports. Vasinskyi and Polyanin are believed to be operatives of the Russia-based REvil ransomware operation. The defendants "deployed some of the internet’s most virulent code, authored by REvil, to hijack victim computers," said acting US Attorney Chad E. Meacham. Our original story from July 6 follows.
Hackers behind the latest ransomware attack to paralyze businesses around the world have named their price: The Russian-language group known as REvil wants $70 million in Bitcoin to make things right again, reports the Washington Post. The full scope of the attack that hit just before the weekend is still coming into focus. The hackers exploited weaknesses in software made by the Miami company Kaseya that is used by tech companies to manage IT networks. The software "is sold to managed service providers—effectively outsourced IT departments—which they then use to manage the networks of their customers, often smaller companies," per TechCrunch. Kaseya says about 50 of its direct customers were compromised, but those companies work with smaller businesses such as restaurants and accounting firms, and thus the problem spreads, per CNN.
The company estimates that up to 1,500 small businesses have been compromised so far, and one research group has identified victims in 17 nations, per the Post. "Our global teams are working around the clock to get our customers back up and running," says Kaseya CEO Fred Voccola. It was unclear whether the company intends to pay the ransom. Kaseya says it is working with the FBI and the federal Cybersecurity and Infrastructure Agency. One of the most tangible signs of the attack can be seen in Sweden, where hundreds of Coop grocery stores have been forced to temporarily shut down. It's possible more US victims will emerge as the holiday break ends. The White House says businesses affected should report it via the Internet Crime Complaint Center.