
They chat about how Cable came up with the idea, the role of cryptocurrency in tracking these payments, and how better data sharing can help combat the surge in ransomware attacks. Biden said Saturday that the initial thinking was that the Russian government was not involved but that the White House was still looking into it. In this episode of Security Nation, Jen and Tod chat with Jack Cable, security architect at the Krebs Stamos Group, about Ransomwhere, a crowdsourced ransomware payment tracker. REvil is thought by experts to be based in Russia, and the attack came just weeks after President Joe Biden met with Russian President Vladimir Putin and discussed starting consultations on addressing cyberattacks. The online tool for individual companies to pay ransoms was disabled for many victims this weekend, Cable said, perhaps in an effort to get the $70 million payout. Negotiating ransom payments with hundreds of businesses would be a time-consuming feat, even for a sophisticated group such as REvil.

The group may be eager to negotiate because they aren't making as much as they'd hoped from individual ransoms, Cable said. REvil immediately offered him a $20 million discount, without Cable even asking for it. Jack Cable, a security architect at cybersecurity consulting firm Krebs Stamos Group, reached out to the hackers to research the offer. On Sunday, REvil said it would accept $70 million in cryptocurrency to unlock all the businesses at once. The group behind the attack, a ransomware gang known as REvil, had initially told each small business hit by the attack they would need to pay around $50,000 to unlock their computers. Going through Kaseya theoretically gave hackers a way to hit many targets at once. Ransomware attacks work by burrowing into a business's computer network and locking its owner out from the inside. It just means it's the way the world we live in is today." "The impact of this incredibly sophisticated attack has been very minimal," he said. Voccola, who has said he wants to take Kaseya public in the coming year, apologized to victims but said the company had done everything it could to respond quickly and effectively to the attack. But as of Tuesday, the attack appeared to have less of an immediate impact in the U.S. than the one on Colonial Pipeline in May, which led to panic-buying of fuel up and down the east coast. A Swedish grocery store chain and a handful of schools in New Zealand were among identified victims. It's still unclear what the overall impact may be. For each organization hit, the hack could be crippling, shutting down computers and potentially wiping out all of their files. While some experts initially thought that meant the number of affected businesses could stretch into the tens of thousands, even 800 to 1,500 affected companies would still be one of the more significant ransomware attacks ever.

Kaseya sells software to thousands of IT providers, which in turn often serve thousands of clients, meaning the company touches 800,000 to a million small businesses around the world. In a video posted to YouTube on Tuesday, chief executive Fred Voccola said the company shut down the compromised program within an hour of noticing the attack, potentially stopping the hackers from hitting more businesses. Four days after the attack was discovered, it's still unclear exactly how damaging it was, especially since many businesses have been shut for the long weekend. Kaseya, which sells software to help other companies manage their computer networks, confirmed hackers broke into its system through a software vulnerability in its code.
