with Aaron Schaffer
The Kaseya ransomware attack, which paralyzed hundreds of businesses over the Fourth of July weekend, marks a major strategic advancement for the criminal hacking gangs that have wreaked havoc on U.S. businesses.
Most ransomware gangs exploit basic security flubs, such as shared and reused passwords, to lock up victims’ computers and demand payments. REvil, the Russia-based group responsible for this attack, however, exploited a computer bug that had never been used before and was unknown to top cybersecurity experts.
That’s a highly sophisticated sort of attack, known as a “zero day,” that’s more commonly used by nation-states looking to steal each other’s secrets than by financially motivated criminals. And it paid dividends — it’s the largest ransomware attack to date, locking up computers at up to 1,500 companies that work with the software management company Kaseya and its clients, and enabling a $70 million ransom demand.
That probably is a sign of things to come as cybercrime gets more lucrative and cybercriminals gain more money and resources to pull off major heists.
“A lot of ransomware actors have bigger budgets than some nation-state actors do, so this is the logical next step,” Allan Liska, senior threat intelligence analyst at the cybersecurity firm Recorded Future, told me. “They’re going to have to continue going after larger targets if they want multimillion-dollar ransoms and using zero days is one way of doing that.”
Criminal hackers are unlikely to ever achieve the skills of top government hackers in the United States, the United Kingdom, Russia and China. But they could equal the capabilities and investments of some third-tier cyber powers such as Pakistan or Brazil, Liska said.
The Kremlin could halt the advance.
Experts widely agree that REvil and other major ransomware gangs operate on Russian territory with at least the Kremlin’s tacit approval.
“There’s no reasonable doubt among the analyst community that…