What just happened? President Joe Biden says damage suffered by US businesses in the Kaseya ransomware attack appears minimal, though agencies are still gathering information on the incident carried out by the Russia-based REvil group last week.
A ransomware attack took place last Friday targeting Kaseya's VSA cloud-based system management platform, which is used for remote monitoring and IT management. The Miami-based company said fewer than 1,500 businesses worldwide appeared to have been impacted. It is expected to release a patch today.
Kaseya said that the attack never posed a threat to critical US infrastructure. It comes three weeks after Biden warned President Vladimir Putin that Russia needs to do more when it comes to stopping hackers within the country attacking the US.
On Saturday, Biden said, "The initial thinking was it was not the Russian government but we're not sure yet." If that proves to be the case, "I told Putin we would respond."
At the same time that the ransomware attack took place over the weekend, a Republican National Committee third-party provider, Synnex Corp, was breached, but an investigation by Microsoft determined that no RNC data had been accessed. Bloomberg writes that the notorious Cozy Bear group linked with the Russian government was behind the incident.
White House spokeswoman Jen Psaki on Tuesday said, "If the Russian government cannot or will not take action against criminal actors residing in Russia, we will take action, or reserve the right to take action, on our own."
Psaki added (via Reuters) that Biden would meet with officials from the Justice Department, State Department, the Department of Homeland Security, and the intelligence community today to discuss ransomware and US efforts to counter it.
REvil earlier this week said it is willing to negotiate for a universal decryption key that will unlock all the encrypted files, with the starting price set at $70 million in BTC. It had previously asked for $5 million from MSPs (managed service providers) for the tool and a $44,999 ransom from their customers.
The attack affected business in at least 17 countries. The majority of the 800 Coop supermarkets in Sweden had to shut due to their cash registers not working, and it knocked more than 100 New Zealand kindergartens offline.