The Wall Street Journal reports this morning that
The ransomware group that collected an $11 million payment from meat producerJBS SA about a month ago has begun a widespread attack that could affect hundreds of organizations world-wide, according to cybersecurity experts.
The group, known as REvil, has focused its attack on Kaseya VSA, software used by large companies and technology-service providers to manage and distribute software updates to systems on computer networks, according to security researchers and VSA’s maker, Kaseya Ltd.
The use of trusted partners like software makers or service providers to identify and compromise new victims, often called a supply-chain attack, is unusual in cases of ransomware, in which hackers shut down the systems of institutions and demand payment to allow them to regain control. The Kaseya incident appears to be the “largest and most significant” such attack to date, said Brett Callow, a threat analyst for cybersecurity company Emsisoft.
SecurityWeek and Bleeping Computer have all of the details on this troubling cyberattack.
In other cyberattack news, Forbes reports on Microsoft’s PrintNightmare, “the name that has been attached to a zero-day vulnerability impacting the Windows print spooler. A vulnerability that can ultimately, it would appear, lead to an attacker taking remote control of an affected system.” Bleeping Computer informs us about available mitigations here and there.
Cyberscoop adds that
Going on offense against attackers and penetrating the secrecy surrounding attacks are two ways the Biden administration is pondering to tackle ransomware, a top White House official [Anne Neuberger] said on Tuesday June 29.]
Neuberger made her remarks as the Biden administration has undertaken a number of initiatives to crack down on ransomware, following the high-profile attacks on Colonial Pipeline and meat supplier JBS. Among them is conducting a ransomware review that includes a focus on disrupting attackers, building an international coalition, studying the U.S. government’s policies and expanding analysis of cryptocurrency given attackers’ use of it to receive payments.
The administration is wary of banning ransomware payments entirely, something Neuberger called a “difficult policy position” that could harm companies who feel they have to pay up to decrypt their networks, even if the U.S. government discourages such payments.
In the tools department
- This week, “The US Cybersecurity and Infrastructure Security Agency (CISA) has released the Ransomware Readiness Assessment (RRA), a new module for its Cyber Security Evaluation Tool (CSET).”
- CISA also “is developing a catalog of Bad Practices that are exceptionally risky, especially in organizations supporting Critical Infrastructure or NCFs. The presence of these Bad Practices in organizations that support Critical Infrastructure or NCFs is exceptionally dangerous and increases risk to our critical infrastructure, on which we rely for national security, economic stability, and life, health, and safety of the public. Entries in the catalog will be listed here as they are added. * * * While these practices are dangerous for Critical Infrastructure and NCFs, CISA encourages all organizations to engage in the necessary actions and critical conversations to address Bad Practices.” CISA cautions that the catalog does not necessarily includes all Bad Practices. Nevertheless, it’s worth a periodic gander.