• Login
NORVANREPORTS.COM |  Business News, Insurance, Taxation, Oil & Gas, Maritime News, Ghana, Africa, World
  • Home
  • News
    • General
    • Political
  • Economy
  • Business
    • Agribusiness
    • Aviation
    • Banking & Finance
    • Energy
    • Insurance
    • Manufacturing
    • Markets
    • Maritime
    • Real Estate
    • Tourism
    • Transport
  • Technology
    • Telecom
    • Cyber-security
    • Cryptocurrency
    • Tech-guide
    • Social Media
  • Features
    • Interviews
    • Opinions
  • Reports
    • Banking/Finance
    • Insurance
    • Budgets
    • GDP
    • Inflation
    • Central Bank
    • Sec/Gse
  • Lifestyle
    • Sports
    • Entertainment
    • Travel
    • Environment
    • Weather
  • NRTV
    • Audio
    • Video
No Result
View All Result
No Result
View All Result
NORVANREPORTS.COM |  Business News, Insurance, Taxation, Oil & Gas, Maritime News, Ghana, Africa, World
No Result
View All Result
Home Technology Cyber-security

Russia-linked group hacks 200 businesses with ransomware

4 years ago
in Cyber-security, highlights, Home, home-news, latest News, Technology
3 min read
0 0
0
Ransomware red button on keyboard, 3D rendering

Ransomware red button on keyboard, 3D rendering

53
VIEWS
Share on FacebookShare on TwitterShare on Linkedin

A Russia-linked hacking group has compromised roughly 200 businesses in a large-scale ransomware attack that is ongoing, according to the cybersecurity firm Huntress Labs Inc.

The hackers targeted managed service providers, which often give IT support to small- to medium-size businesses, according to Huntress Labs. By targeting a managed service provider, or MSP, hackers may then be able to access and infiltrate its customers’ computer networks.

Two of the affected managed service providers include Synnex Corp. and Avtex LLC, according to two sources familiar with the breaches. Reached by telephone, Avtex president George Demou told Bloomberg News in a text message on Friday night that “Hundreds of MSPs have been impacted by what appears to be a Global Supply Chain hack.”

“We are working with those customers who have been impacted to help them to recover,” he added.

A Synnex spokesperson did not immediately respond to requests for comment.

“From what we know now, we have eight MSP partners that are affected,” said John Hammond, a cybersecurity researcher at Huntress Labs. “Those MSPs customers add up to at least 200 businesses that are encrypted and ransomed as a result of their MSP being compromised.” He didn’t identify the managed service providers that were attacked.

Hammond said he expects the number of victims to “significantly rise” as more compromised managed service providers are discovered. The names of the MSP customers who were attacked aren’t yet known.

RelatedPosts

Parliament Adjourns Sine Die After Intense Legislative Session Marked by Reform Calls and Tributes

GACL Terminates Evatex Revenue Assurance Contract Amid OSP Probe

Cyber Security Authority Flags Rising Mobile Data Scam, Cautions Public

“This is one of the most broadly impactful, non-nation state executed, attacks we have ever seen and it appears purely designed to extract money,” said Andrew Howard, chief executive officer of Switzerland-based Kudelski Security, a provider of managed cybersecurity services. “It is difficult to image a better way for an attacker to distribute malware than through trusted IT providers.”

Jake Williams, chief technology officer at BreachQuest, said he’s already responded to multiple ransomware victims, including a school and a manufacturer. In those cases, ransom demands started at $45,000, he said.

In the past, ransomware groups often demand one bulk payment from a managed service provider, instead of attempting to collect payment from all of its clients. But in this case, it appears the REvil actors are encrypting hundreds of MSP clients and demanding payment from each one, Williams said.

“There’s no way the actors have the bandwidth handle each individual case at the same time,” said Williams. “If they keep going this way, this will take weeks to resolve.”

The attacks come a few weeks after a summit between President Joe Biden and Russian President Vladimir Putin in which Biden warned that 16 kinds of critical infrastructure were off limits for cyberattacks. Russian state-sponsored hackers were blamed for attacks against nine U.S. government agencies and about 100 businesses, which was disclosed in December and involved, in part, malicious updates in software from Texas-based SolarWinds Corp.

More recently, a ransomware attack on Colonial Pipeline Co., which squeezed gasoline supplies along the East Coast, was blamed on a Russian-linked criminal gang called DarkSide.

Cybersecurity researchers have pointed to Kaseya, which develops software used by managed service providers, as the potential root cause of the hack. Kaseya on Friday advised its customers to shut down its Virtual System Administrator software due to a potential attack.

“We are in the process of investigating the root cause of the incident with an abundance of caution but we recommend that you IMMEDIATELY shutdown your VSA server until you receive further notice from us,” Kaseya said in a statement.

The Cybersecurity and Infrastructure Security Agency acknowledged the hacks in a brief statement.

“CISA is taking action to understand and address the recent supply-chain ransomware attack against Kaseya VSA and the multiple managed service providers (MSPs) that employ VSA software,” the agency said.

The hacking group behind the attack is known as “REvil,” according to Allan Liska, a senior threat analyst at cybersecurity firm Recorded Future Inc. Liska said this is the third time REvil has targeted Kaseya to conduct ransomware attacks. A representative for Kaseya wasn’t immediately available for comment.

REvil was also behind the ransomware attack on meat supplier JBS SA in May. The company said it ultimately paid $11 million in ransom.

Jason Ingalls, founder of the breach response company Ingalls Information Security, said attacks such as the MSP attack announced Friday are becoming more common.

“Hackers are infiltrating the most trusted source of software or security in a huge supply chain, and then compromising all of their clients,” he said. “This is the same attack method used in the SolarWinds hack, but now it’s being used by criminals to leverage their access to one victim to ransom many more.”

Source: bloomberg
Via: norvanreports
Tags: cybersecurityransomwareRussia-linked group hacks 200 businessesTexas-based SolarWinds Corp
No Result
View All Result

Highlights

Gov’t Reopens Talks With PayPal to Restore Full Service Access in Ghana

Financial Sector Assets up 34.6% in 2024 to GHS 525.59 Billion

Banking Sector Soundness Remains Robust in 2024 Amid Strong Profitability, Adequate Capital Buffers

Sha’Carri Richardson Withdraws from US Trials Following Arrest

From Singuluma to El Kaabi: Can CHAN 2024 Unleash the Next Hat-trick Hero?

Ghana to Welcome King’s Baton Relay on August 8 Ahead of 2026 Commonwealth Games

Trending

Features

Parliament Adjourns Sine Die After Intense Legislative Session Marked by Reform Calls and Tributes

August 2, 2025

Parliament Adjourns Sine Die After Intense Legislative Session Marked by Reform Calls and Tributes Parliament has adjourned...

GACL Terminates Evatex Revenue Assurance Contract Amid OSP Probe

August 2, 2025

Cyber Security Authority Flags Rising Mobile Data Scam, Cautions Public

August 2, 2025

Gov’t Reopens Talks With PayPal to Restore Full Service Access in Ghana

August 2, 2025
Bank of Ghana

Financial Sector Assets up 34.6% in 2024 to GHS 525.59 Billion

August 2, 2025

Who we are?

NORVANREPORTS.COM |  Business News, Insurance, Taxation, Oil & Gas, Maritime News, Ghana, Africa, World

NorvanReports is a unique data, business, and financial portal aimed at providing accurate, impartial reporting of business news on Ghana, Africa, and around the world from a truly independent reporting and analysis point of view.

© 2020 Norvanreports – credible news platform.
L: Hse #4 3rd Okle Link, Baatsonaa – Accra-Ghana T:+233-(0)26 451 1013 E: news@norvanreports.com info@norvanreports.com
All rights reserved we display professionalism at all stages of publications

No Result
View All Result
  • Home
  • Business
    • Agribusiness
    • Aviation
    • Energy
    • Insurance
    • Manufacturing
    • Real Estate
    • Maritime
    • Tourism
    • Transport
    • Banking & Finance
    • Trade
    • Markets
  • Economy
  • Reports
  • Technology
    • Cryptocurrency
    • Cyber-security
    • Social Media
    • Tech-guide
    • Telecom
  • Features
    • Interviews
    • Opinions
  • Lifestyle
    • Entertainment
    • Sports
    • Travel
    • Environment
    • Weather
  • NRTV
    • Audio
    • Video

Welcome Back!

Login to your account below

Forgotten Password?

Create New Account!

Fill the forms bellow to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In
NORVANREPORTS.COM | Business News, Insurance, Taxation, Oil & Gas, Maritime News, Ghana, Africa, World
This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.
We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.