EXPLAINER: Ransomware and its role in supply chain attacks

Jul 3, 2021, 10:14 AM | Updated: Jul 6, 2021, 10:30 pm

Another holiday weekend in the U.S., another ransomware attack that has paralyzed businesses around the world.

This time it’s affecting an untold number of small and big companies that use IT software from a company called Kaseya.

High-profile ransomware attacks in May hit the world’s largest meat-packing company and the biggest U.S. fuel pipeline, underscoring how gangs of extortionist hackers can disrupt the economy and put lives and livelihoods at risk.

WHAT IS RANSOMWARE? HOW DOES IT WORK?

Ransomware scrambles the target organization’s data with encryption. The criminals leave instructions on infected computers for negotiating ransom payments. Once paid, they provide decryption keys for unlocking those files.

Ransomware crooks have also expanded into data-theft blackmail. Before triggering encryption, they sometimes quietly copy sensitive files and threaten to post them publicly unless they get their ransom payments.

WHAT’S A SUPPLY-CHAIN ATTACK?

The latest attack affecting Kaseya customers combines a ransomware operation with what’s known as a supply-chain attack, which typically involves sneaking malicious code into a software update automatically pushed out to thousands of organizations.

Kaseya says the ransomware affected its product for remotely monitoring networks, but because many of its clients are providers of broader IT management services, a large number of organizations are likely to be affected.

“What makes this attack stand out is the trickle-down effect, from the managed service provider to the small business,” said John Hammond of the security firm Huntress Labs. “Kaseya handles large enterprise all the way to small businesses globally, so ultimately, it has the potential to spread to any size or scale business.”

Until now, the best-known recent supply-chain attack was attributed to elite Russian hackers and targeted software provider SolarWinds. But the motive was different; it was a massive intelligence operation targeting government agencies and others, not an attempt to extort money.

HOW DO RANSOMWARE GANGS OPERATE?

The criminal syndicates that dominate the ransomware business are mostly Russian-speaking and operate with near impunity out of Russia and allied countries. Though barely a blip three years ago, the syndicates have grown in sophistication and skill. They leverage dark web forums to organize and recruit while hiding their identities and movements with sophisticated tools and cryptocurrencies like Bitcoin that make payments — and their laundering — harder to track.

Most experts have tied the Kaseya attack to a group known as REvil, the same ransomware provider that the FBI linked to an attack on JBS SA, a major global meat processor, amid the Memorial Day holiday weekend.

Active since April 2019, the group provides ransomware-as-a-service, meaning it develops the network-paralyzing software and leases it to so-called affiliates who infect targets and earn the lion’s share of ransoms.

WHO IS AFFECTED?

The scale of the attack affecting Kaseya is not yet clear, but it’s already been blamed for closing stores across a grocery chain in Sweden because their cash registers weren’t working.

Last year alone in the U.S., ransomware gangs hit more than 100 federal, state and municipal agencies, upwards of 500 health care centers, 1,680 educational institutions and untold thousands of businesses, according to the cybersecurity firm Emsisoft. Dollar losses are in the tens of billions. Accurate numbers are elusive. Many victims shun reporting, fearing the reputational blight.

Copyright © The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.
