fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

REvil is Increasing Ransoms for Kaseya Ransomware Attack Victims

REvil is Increasing Ransoms for Kaseya Ransomware Attack Victims

The REvil ransomware gang is increasing the ransom demands for victims encrypted during Friday’s Kaseya ransomware attack.

When conducting an attack against a business, ransomware gangs, such as REvil, typically research a victim by analyzing stolen and public data for financial information, cybersecurity insurance policies, and other information.

Using this information, the number of encrypted devices, and the amount of stolen data, the threat actors will come up with a high-ball ransom demand that they believe, after negotiations, the victim can afford to pay.

However, with Friday’s attack on Kaseya VSA servers, REvil targeted the managed service providers and not their customers. Due to this, the threat actors could not determine how much of a ransom they should demand from the encrypted MSP customers.

As a solution, it seems the ransomware gang created a base ransom demand of $5 million for MSPs and a much smaller ransom of $44,999 for the MSP’s customers who were encrypted.

Ransom demand for Kaseya ransomware victims

It turns out this $44 thousand number is irrelevant as in numerous negotiation chats shared with and seen by BleepingComputer, the ransomware gang is not honoring these initial ransom demands.

When encrypting a victim’s network, REvil can use multiple encrypted file extensions during the attack. The threat actors typically provide a decryptor that can decrypt all extensions on the network after a ransom is paid.

For victims of the Kaseya ransomware incident, REvil is doing things differently and demanding between $40,000 and $45,000 per individual encrypted file extension found on a victim’s network.

Also Read: The 5 Phases of Penetration Testing You Should Know

A portion of REvil ransom negotiation

For one victim who stated they had over a dozen encrypted file extensions, the ransomware gang demanded a $500,000 ransom to decrypt the entire network.

$500,000 ransom to decrypt the entire network

However, the good news is that the REvil representatives have told victims that they only encrypted networks, and nothing more. This means that REvil likely did not steal any of the victims’ data, as they are known to use that as leverage in ransomware negotiations immediately.

REvil indicates data was not stolen

This also indicates that the ransomware operation did not access the victim’s networks before the attack. Instead, they likely remotely exploited the Kaseya VSA vulnerability to distribute the encryptor and execute it on the victim’s devices.

Attack’s aftermath

Since the attacks on Friday, Kaseya has been working on releasing a patch for the zero-day vulnerability exploited in the REvil attack. 

This zero-day was discovered by DIVD researchers who disclosed the t to Kaseya and helping test the patch. 

Unfortunately, REvil found the vulnerability simultaneously and launched their attack on Friday before the patch was ready, just in time for the US Fourth of July holiday weekend.

It is believed that over 1,000 businesses have been affected by the attack, including attacks on the Swedish Coop supermarket chain, which had to close approximately 500 stores, a Swedish pharmacy chain, and the SJ transit system.

President Biden has directed US intelligence agencies to investigate the attack but has not gone as far to state that the attacks originated from Russia.

The FBI also announced today that they are investigating the incident and working closely with CISA and other agencies.

“The FBI is investigating the Kaseya ransomware incident and working closely with CISA and other interagency partners to understand the scope of the threat.”

Also Read: Got Hacked? Here Are 5 Ways to Handle Data Breaches

“If you believe your systems have been compromised, we encourage you to employ all recommended mitigations, follow Kaseya’s guidance to shut down your VSA servers immediately and report to the FBI at ic3.gov,” said the FBI in a press statement.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us