AGL 37.99 Decreased By ▼ -0.03 (-0.08%)
AIRLINK 215.53 Increased By ▲ 18.17 (9.21%)
BOP 9.80 Increased By ▲ 0.26 (2.73%)
CNERGY 6.79 Increased By ▲ 0.88 (14.89%)
DCL 9.17 Increased By ▲ 0.35 (3.97%)
DFML 38.96 Increased By ▲ 3.22 (9.01%)
DGKC 100.25 Increased By ▲ 3.39 (3.5%)
FCCL 36.70 Increased By ▲ 1.45 (4.11%)
FFBL 88.94 No Change ▼ 0.00 (0%)
FFL 14.49 Increased By ▲ 1.32 (10.02%)
HUBC 134.13 Increased By ▲ 6.58 (5.16%)
HUMNL 13.63 Increased By ▲ 0.13 (0.96%)
KEL 5.69 Increased By ▲ 0.37 (6.95%)
KOSM 7.32 Increased By ▲ 0.32 (4.57%)
MLCF 45.87 Increased By ▲ 1.17 (2.62%)
NBP 61.28 Decreased By ▼ -0.14 (-0.23%)
OGDC 232.59 Increased By ▲ 17.92 (8.35%)
PAEL 40.73 Increased By ▲ 1.94 (5%)
PIBTL 8.58 Increased By ▲ 0.33 (4%)
PPL 203.34 Increased By ▲ 10.26 (5.31%)
PRL 40.81 Increased By ▲ 2.15 (5.56%)
PTC 28.31 Increased By ▲ 2.51 (9.73%)
SEARL 108.51 Increased By ▲ 4.91 (4.74%)
TELE 8.74 Increased By ▲ 0.44 (5.3%)
TOMCL 35.83 Increased By ▲ 0.83 (2.37%)
TPLP 13.84 Increased By ▲ 0.54 (4.06%)
TREET 24.38 Increased By ▲ 2.22 (10.02%)
TRG 61.15 Increased By ▲ 5.56 (10%)
UNITY 34.84 Increased By ▲ 1.87 (5.67%)
WTL 1.72 Increased By ▲ 0.12 (7.5%)
BR100 12,244 Increased By 517.6 (4.41%)
BR30 38,419 Increased By 2042.6 (5.62%)
KSE100 113,924 Increased By 4411.3 (4.03%)
KSE30 36,044 Increased By 1530.5 (4.43%)

PARIS: Hackers were on Monday demanding $70 million in bitcoin in exchange for data stolen during an attack on a US IT company that has shuttered hundreds of Swedish supermarkets.

Researchers believe more than 1,000 companies could have been affected by the attack on Miami-based firm Kaseya, which provides IT services to some 40,000 businesses around the world. The FBI warned Sunday that the scale of the “ransomware” attack — a form of digital hostage-taking where hackers encrypt victims’ data and then demand money for restored access — is so large that it may be “unable to respond to each victim individually”.

Sweden’s Coop supermarket chain was among the most high-profile victims. Most of their 800 stores were still closed three days after the hack paralysed its cash registers, spokesman Kevin Bell told AFP. Coop, like many of the companies affected, is not a direct customer of Kaseya’s, but its IT subcontractor Visma Esscom was hit by the attack.

The few hundred Coop stores that had reopened were relying on alternative payment solutions, such as customers paying using their smartphones, Bell said. Cybersecurity firm ESET said it had identified victims of the hack in at least 17 countries, from South Africa to Britain to Mexico. New Zealand’s education ministry said at least two schools there had been affected.

Experts believe the attack was probably carried out by REvil, a Russian-speaking hacking group known as a prolific perpetrator of ransomware attacks. A post on Happy Blog, a site on the dark web previously associated with the group, claimed responsibility for the attack and said it had infected “more than a million systems”.

The FBI believes that REvil, which also goes by the name Sodinokibi, was behind a ransomware attack last month on global meat-processing giant JBS. The Brazil-based company ended up paying $11 million in bitcoin to the hackers.

The hackers’ blog post said they would release a decryption tool online “so everyone will be able to recover from attack in less than an hour” — if they were handed $70 million in bitcoin. Kaseya said Sunday it believed the damage had been restricted to a “very small number” of customers using its signature VSA software, which lets companies manage networks of computers and printers from a single point.

But cybersecurity firm Huntress Labs said in a Reddit forum that it was working with partners targeted in the attack, and that the software was manipulated “to encrypt more than 1,000 companies”.

Kaseya said it had “immediately shut down” its servers after detecting the attack on Friday and warned its VSA customers to do the same, “to prevent them from being compromised”.

The company has released a tool allowing its customers to find out whether their own computer systems have been compromised by the attack.

In recent months numerous US companies, including the computer group SolarWinds and the Colonial oil pipeline, have been the victims of high-profile ransomware attacks, which the FBI blames on hackers based in Russia.

While Washington officials do not accuse the Russian government of direct involvement in such attacks, they say the country is harbouring hackers who should be arrested.

US President Joe Biden raised the threat in talks with Russian counterpart Vladimir Putin last month, and on Saturday ordered a full investigation into the Kaseya attack.

In the meantime, hundreds of companies are facing the dilemma of whether or not to pay the ransom demanded by the hackers. “In general, it doesn’t pay to pay ransoms,” said Lior Div, CEO of cybersecurity firm Cybereason. It found in a recent study that 80 percent of companies that pay a ransom are hit again. “Overall, paying ransoms only emboldens threat actors and drives up ransom demands,” Div explained. “Still, whether or not to pay a ransom is an individual choice each company needs to make.”

Comments

Comments are closed.