A massive chain reaction on Friday infected at least hundreds and likely thousands of businesses worldwide with ransomware, including a railway, pharmacy chain, and hundreds of storefronts of Sweden’s Coop grocery store brand. Carried out by the notorious Russia-based REvil criminal gang, the attack is a watershed moment, a combination of ransomware and a so-called supply chain attack. Now, it’s becoming clearer exactly how they pulled it off.

Some details were known as early as Friday afternoon. To propagate its ransomware out to an untold number of targets, the attackers found a vulnerability in the update mechanism used by the IT services company Kaseya. The firm develops software used to manage business networks and devices, and then sells those tools to other companies called “managed service providers.” MSPs, in turn, contract with small and medium businesses or any institution that doesn’t want to manage its IT…
