Saturday, September 18, 2021

“Pay $70 million and we’ll set everybody free” – Bare Safety

It’s like the movie Independence Day, but with the malware part of the story back-to-front.

In the 1996 Jeff Goldblum classic, the bespectacled, academic antihero finally quashes the alien invaders by connecting to their mothership with his Mac laptop and uploading a computer virus that even the telepathic aliens didn’t see coming.

In the movie, what’s left of the earth is saved.

Fast forward to 2021, and we’re witnessing an Independence Day malware attack of another sort.

In this attack, the REvil ransomware gang broke into the mothership of a popular software management tool from the company Kaseya.

The cybercriminals uploaded a computer virus to the mothership (more precisely, for the pedants amongst us, they uploaded a ransomware Trojan Horse) that Kaseya then automatically delivered via dozens of different service providers onto hundreds of its customers’ networks.

As Sophos CISO Ross McKerchar put it:

“This is one of the farthest reaching criminal ransomware attacks that Sophos has ever seen. At this time, our evidence shows that more than 70 managed service providers were impacted, resulting in more than 350 further impacted organisations. We expect the full scope of victim organisations to be higher than what’s being reported by any individual security company. Victims span a range of worldwide locations with most in the United States, Germany and Canada, and others in Australia, the UK and other regions.”