THE RANSOMWARE BATTLE
To say that 2021 was rife with ransomware is almost an understatement, and at times the ransomware battle seemed unwinnable. Consider these 3 attacks as cases in point – Acer, Colonial Pipeline and Kaseya – which clearly demonstrate the IT chaos that ransomware can inflict and why it is imperative that the ransomware battle be won.
Acer, the Taiwanese technology and electronics giant, suffered a ransomware attack in March 2021. The attack involved a hacking group known as REvil – short for Ransomware Evil, a Russian-based ransomware-as-a-service (RaaS) operation. What was notable about the attack was the size of the ransom demanded: a staggering $50 million. Most companies are reluctant to disclose if they succumb to the threats from cybercriminals and so it is difficult to ascertain exactly how much of the ransom Acer paid. Some sources claim that the company offered approximately $10 million.
Perhaps the most dramatic ransomware attack of 2021 was the Colonial Pipeline incident in May. Colonial Pipeline, based in Georgia in the United States, operates the largest petroleum pipeline in the country, carrying 2.5 million barrels a day of petrol, diesel, heating oil, and jet fuel on its 5,500-mile route from Texas to New Jersey. The ransomware attack was attributed to DarkSide, an Eastern European hacking group not affiliated with any particular nation. At the time of the attack, DarkSide issued a statement, part of which read:
“…our goal is to make money not to create problems for society…”
The attack meant that Colonial Pipeline was forced to shut part of its supply chain network. This caused panic-buying of fuel by millions of East Coast residents and resulted in a significant upswing in the price of petrol in only 5 days. Cybersecurity expert, Marty Edwards, likened the response to what happened early on in the coronavirus pandemic and said:
“It’s more likely that fuel shortages will be a result of panic buying from consumers watching the headlines unfold, as opposed to shortages directly caused by the attack. This is something we saw with Covid and grocery stores selling out of household items. Regardless, it shows the impact cybersecurity has on our everyday lives.”
Edwards also stated that the Colonial Pipeline attack emphasized the reality of ransomware and said:
“It’s much easier to understand the impact of a cyberattack if it directly impacts your day-to-day life.”
Within several hours of the attack, DarkSide demanded a ransom of 75 bitcoin, equivalent to $4.4 million at the time. The U.S. Department of Justice later recovered approximately $2.3 million of the ransom paid by Colonial Pipeline – a partial recovery, but not exactly a victory in the ransomware battle.
Kaseya is an American IT company that provides management and security software to MSPs and IT teams. In early July last year, many of Kaseya’s MSPs and their customers became victims of a ransomware attack perpetrated by REvil. REvil targeted a vulnerability in a Kaseya remote management tool, impacting more than 2,000 organizations worldwide. Many of these businesses paid REvil the ransom, but by 13 July REvil’s website had disappeared and victims were unable to unlock files using the paid-for decryption key. On 22 July, Kaseya obtained a universal decryption key and the company issued this statement:
“We can confirm that Kaseya obtained the tool from a third party and have teams actively helping customers affected by the ransomware to restore their environments, with no reports of any problem or issues associated with the decryptor. Kaseya is working with Emsisoft to support our customer engagement efforts, and Emsisoft has confirmed the key is effective at unlocking victims. Customers who have been impacted by the ransomware will be contacted by Kaseya representatives.”
Throughout the IT industry, there was mass speculation as to how Kaseya had obtained the decryption tool and whether it had paid REvil a ransom. Initially, Kaseya declined to comment, but on 26 July it declared that the decryption key was 100% effective and said:
“While each company must make its own decision on whether to pay the ransom, Kaseya decided after consultation with experts to not negotiate with the criminals who perpetrated this attack and we have not wavered from that commitment. As such, we are confirming in no uncertain terms that Kaseya did not pay a ransom—either directly or indirectly through a third party—to obtain the decryptor.”
This was certainly a triumph in the ransomware battle. An even bigger win occurred in October. Thanks to the combined efforts of the FBI, US Cyber Command, the Secret Service, and cybersecurity agencies in the UK and elsewhere, REvil was hacked and taken offline. Then, in November 2021, authorities arrested Ukrainian Yaroslav Vasinskyi and another alleged REvil operative, Russian national Yevgeniy Polyanin, who were charged with conspiracy to commit fraud and conspiracy to commit money laundering, along with the deployment of the Kaseya ransomware attack.
YOU CAN WIN THE RANSOMWARE BATTLE
Can you win the ransomware battle? Definitely – and you don’t need the resources available to large corporations or the FBI. Zhero has 20+ years of experience in professional business IT management and specializes in cybersecurity and risk mitigation. Let Zhero turn your IT chaos into IT order. With our experience and highly talented and skilled engineers, we provide better IT faster. Contact us now and win the ransomware battle.