Kaseya ransomware attack
July 2021 by Casey Ellis, founder and CEO, Bugcrowd
The thing I find most concerning about this attack is the coupling of supply-chain techniques to gain access with the incentives and devastating impacts of ransomware, including the encryption of, and denial of service to, systems.
Something that is immediately interesting about this attack is the fact that only 8 months after SolarWinds - a relatively non-destructive nation-state supply chain attack - it looks as though cybercriminals, or smaller financially motivated nation-states, are deploying these techniques.
This means they have the resources to create or procure the necessary tooling, possibly out of the proceeds of other ransomware operations. The REvil operators set their ransom between 45k and 5M USD per organization, and have since released an offer of 50M USD to decrypt all systems affected by this attack. Aside from being the largest ransomware payment in history, this would provide ample capital for REvil to reinvest in progressively better and more invasive tooling for future attacks.
It also raises the question of whether "you'd prefer to get hacked by Russia, or the REvil gang?" Nation-state attacks have national security and economic implications, while cybercriminals tend to be more destructive and impactful to the affected businesses themselves.