Up to 1,500 Businesses Hit by New Ransomware Attack 1 Month After Biden Asked Putin to End Haven for Hackers

Steve Warren
07-06-2021

Share This article

Fallout continues in the single largest ransomware attack to date that has left thousands of companies around the world impacted by the breach.  

Florida-based software vendor Kaseya says between 800 and 1,500 small and medium-sized businesses have been compromised in the most recent attack, which started Friday. 

The U.S. National Security Council said the ransomware attack was never a threat to U.S. critical infrastructure, Reuters reported Tuesday.

Cyber experts believe an affiliate of the notorious Russia-linked gang REvil is responsible for this latest breach. They say hackers attacked through firms that remotely managed software infrastructures. The criminals essentially used a tool that helps protect against malware to spread their ransomware globally.

Thousands of business organizations – largely firms that remotely manage the IT infrastructure of others – were infected in at least 17 countries in Friday's assault. Sweden, The United Kingdom, South Africa, Canada, Argentina, Mexico, Indonesia, New Zealand and Kenya were among the countries affected.

Because the attack by the notorious REvil gang came just as a long Fourth of July weekend began, many more victims were expected to learn their fate when they return to the office Tuesday.

The gang is the same group that extorted $11 million from the meat processor JBS last month.

REvil was seeking $5 million payouts from the so-called managed service providers that were its principal downstream targets in this attack, apparently demanding much less — just $45,000 — from their afflicted customers.

But late Sunday, REvil offered a universal decryptor software key for all affected machines in exchange for $70 million in cryptocurrency. Some researchers considered the offer a PR stunt, while others thought it indicates the criminals have more victims than they can manage.

***Please sign up for CBN Newsletters and download the CBN News app to ensure you keep receiving the latest news from a distinctly Christian perspective.***

Over the weekend, President Biden instructed the U.S. intelligence agencies to investigate the latest attack. In Geneva last month, Biden sought to pressure Russian President Vladimir Putin to end safe haven for REvil and other ransomware gangs that operate with impunity in Russia and allied states as long as they avoid domestic targets. 

"And if it is, either with the knowledge of and/or a consequence of Russia, then I told Putin, 'We will respond'," Biden said. 

The Russian government has denied any involvement in those attacks. The Kremlin says it hasn't received an inquiry from the U.S. government on this latest attack. Few analysts expect the Kremlin to crack down on a crime wave that benefits Putin's strategic objectives of destabilizing the West. The syndicates' extortionary attacks have worsened in the past year.

The FBI is asking companies affected by the ransomware to contact them. The agency also said in an earlier alert that the attack's scale "may make it so that we are unable to respond to each victim individually."

Share This article

About The Author

Steve Warren is a senior multimedia producer for CBN News. Warren has worked in the news departments of television stations and cable networks across the country. In addition, he also worked as a producer-director in television production and on-air promotion. A Civil War historian, he authored the book The Second Battle of Cabin Creek: Brilliant Victory. It was the companion book to the television documentary titled Last Raid at Cabin Creek currently streaming on Amazon Prime. He holds an M.A. in Journalism from the University of Oklahoma and a B.A. in Communication from the University of
More