A major supply chain ransomware attack that has compromised hundreds of global businesses highlights the growing resourcefulness and reach of organised cybercriminals, says Bondgate IT.
The Darlington-based IT specialist says the so-called ‘zero-day attack’, thought to have been carried out by the Russia-linked REvil cybercrime gang, may be unprecedented in its scale and invasiveness.
It has been reported that there are at least 1,000 victims of the ransomware attack, spread across 17 countries including the UK.
REvil is now demanding a $70m ransom payment to publish a universal decryptor to unlock systems crippled by its file-encrypting ransomware – which, it claims, has infected a million devices.
Garry Brown, the managing director of Bondgate IT, said the group injected ransomware into a cloud-based IT management and remote monitoring system developed by US software company Kaseya, used by managed service providers to manage their customers’ networks.
Kaseya took its cloud platform offline for all clients and warned clients running the VSA tool on their own (on-premises) servers to shut those servers down immediately following the zero-day attack. A zero-day attack is one that exploits a vulnerability for which the vendor has not yet released a fix, so defenders have had no opportunity to patch it; Kaseya was in the process of resolving identified vulnerabilities when the July 2 attack took place.
Garry said: “Supply chain attacks are becoming more frequent as hackers can hijack legitimate processes to target a host of end users who are often unaware until it’s too late.
“This zero-day attack highlights how sophisticated and reactive cybercriminals have become, and this ransomware attack may well become the largest on record, and certainly seems unprecedented in its complexity.”
The UK’s National Cyber Security Centre warned this week that ransomware is a growing global cyber threat and advised all organisations to take immediate steps to limit risk by putting robust network defences in place.
Garry said: “No one solution can prevent such an attack but adopting a multi-layered approach to IT security is vital – everything from effective security patch management to updating legacy security tools.
“Businesses must treat IT security as a top priority to prevent zero-day attacks happening in the first place and, if one does, to ensure it is quickly detected and its effects mitigated.”