About 200 US businesses have been hit by a "colossal" ransomware attack, according to a cyber-security firm.
Huntress Labs said the hack targeted Florida-based IT company Kaseya before spreading through corporate networks that use its software.
Kaseya said in a statement on its own website that it was investigating a "potential attack".
Huntress Labs said it believed the Russia-linked REvil ransomware gang was responsible.
The US Cybersecurity and Infrastructure Agency, a federal agency, said in a statement that it was taking action to address the attack.
The cyber-breach emerged on Friday afternoon as companies across the US were clocking off for the long Independence Day weekend.
The two big things that are keeping cyber-security professionals up at night lately are ransomware attacks and supply chain attacks. This latest incident combines both nightmares into one big Independence Holiday weekend-ruining event for hundreds of US IT teams.
Ransomware is the scourge of the internet. Multiple organised criminal gangs are constantly attempting to gain access to computer networks to hold them hostage. The rate of attack is relentless, but it can take a lot of time and effort on the criminals' part to successfully hijack one victim's computer system.
(Score: 5, Insightful) by Opportunist on Saturday July 03 2021, @11:26AM (12 children)
Anyone still thinking a monopoly situation in IT is a good thing?
This is why even the least exploitable bug in any standard software from a big vendor is met with horror in security circles. Because even an edge-case-once-in-a-blue-moon-exploitable bug in a MS product means that thousands of companies are affected.
(Score: 3, Funny) by Anonymous Coward on Saturday July 03 2021, @12:37PM
Butbutbutbutbutbut I ran all da updetes and stayed up to date, just like my Microserf certification told me to!
(Score: 1, Disagree) by Anonymous Coward on Saturday July 03 2021, @01:19PM (7 children)
Think this through: how does having more software vendors decrease the number of bugs to exploit? It doesn't. Furthermore, having more software systems might increase bugs because of increased complexity of multiple systems and integration needs. Now, I am not saying everyone needs to standardize on a couple different vendors, but I am saying that I don't see how more vendors equals more security.
(Score: 2, Insightful) by Anonymous Coward on Saturday July 03 2021, @01:22PM
One more note: security is a process, not a product, as Bruce Schneier says.
(Score: 5, Informative) by turgid on Saturday July 03 2021, @01:27PM (2 children)
Correct, but they will be different bugs, subject to different exploits. Therefore, one single exploit can't take the whole lot down.
I refuse to engage in a battle of wits with an unarmed opponent [wikipedia.org].
(Score: 3, Touché) by Dr Spin on Saturday July 03 2021, @02:01PM (1 child)
But, But ...
Think of the malware vendors!
Warning: Opening your mouth may invalidate your brain!
(Score: 3, Interesting) by Opportunist on Saturday July 03 2021, @09:36PM
Doing this constantly. I call them "my beloved job security", for as long as they continue being a threat, I'm going to be employed as well.
They are my enemies and at the same time I'm their parasite. Because without them, I couldn't exist in the job I have.
(Score: 4, Insightful) by Socrastotle on Saturday July 03 2021, @05:07PM
The interesting thing about your question is that it generalizes to something that can be applied everywhere from economic systems, world vs national government, and much more.
And it all comes down to simple game theory. When you have one vendor, and that vendor is doing an exceptional job it will never be able to be beaten by a multi-vendor system. Because a multi-vendor system all but guarantees that at least some of the vendors will be being exploited, or failing at some time or another. The reason that the multi-vendor scenario may often end up being superior is because of the other side of things. When you have a single vendor and that vendor trends towards ineptitude, corruption, greed, or whatever else - then the entire domain under its "rule" (which may be everywhere, when taken to extremes) suddenly ends in a global dystopia. By contrast in our multi-vendor world, you will always have some vendors doing well - even if purely by chance.
So it depends on what you see as more valuable. Because "more security" is somewhat meaningless. In a unipolar world, when the monopoly becomes dysfunctional - the entire world has zero security. By contrast in a multipolar world, you'll probably never have zero security. But, on the other hand, you'll never reach the 100% in those periods during a unipolar world where the solitary vendor has not been exploited.
(Score: 3, Insightful) by Opportunist on Saturday July 03 2021, @09:34PM
It doesn't. Quite the contrary, it will increase the number of bugs in software, simply by virtue of there being more software.
But at the same time any bug in any of these systems will have a much smaller impact on everyone. It's a bit like with any monoculture. Yes, if you have only one kind of tree in a forest, there will be far fewer pests to consider because all the ones that only affect the other tree types will simply not exist in your forest. But if you have an outbreak of one such pests, your forest is gone.
Bark beetles are a really huge threat in one of the areas I lived in. Mostly because they decided that monocultures of fast growing spruces is a good idea.
(Score: 2) by FatPhil on Sunday July 04 2021, @07:03PM
Because you're not obliged to run all the software by all the vendors. You can choose to run the ones that you consider least buggy.
E(min(x0,x1)) < min(E(x0),E(x1))
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 3, Touché) by EvilSS on Saturday July 03 2021, @06:30PM
(Score: 3, Insightful) by mcgrew on Saturday July 03 2021, @06:30PM
Anyone still thinking a monopoly situation in IT is a good thing?
That hardly applies any more; you're forced into only a handful of choices. Rather, why aren't these dumbasses backing up their data? You can't remotely erase data that's in a shut-off backup machine.
What kind of "professionals" are they hiring?
Carbon, The only element in the known universe to ever gain sentience
(Score: 0) by Anonymous Coward on Saturday July 03 2021, @07:39PM
There is no monopoly.
You and any corporation both are free, both in libre and beer senses, to install an alternative OS on any or all your machines at any time.
If you don't like getting free as in beer, you can pay the likes of Redhat/IBM or Canonical to pretend that your machines require anywhere near the support level of a Windows machine.
If you want to pay a premium, you can buy Macs and use iOS (but good luck paying the 30% Apple tax everywhere)
These ransomware attacks are not the problem. "Monopoly" is not the problem. The problem is the mindset and mentality that keeps people on a mediocre OS like Windows year after year, when there is simply no excuse anymore. If Aunt Tillie can use an alternative OS, so can your business.
(Score: 4, Funny) by Frosty Piss on Saturday July 03 2021, @11:36AM (1 child)
The ghost of John McAfee strikes…
(Score: 2, Funny) by fustakrakich on Saturday July 03 2021, @04:57PM
Yeah, this could be his "dead man's switch"
Politics and criminals are the same thing..
(Score: 5, Insightful) by Anonymous Coward on Saturday July 03 2021, @11:53AM (17 children)
FTFY. A forced monoculture of an unavoidably vulnerable system is sabotage.
With the current level of system complexity and programmers' skills, we definitely won't have impenetrable security, ever. Security by obscurity did not work in days past either, and has no reason to magically start working tomorrow. Given that, building up an army of clones where one attack can wipe any and all is the height of stupidity.
Diversity is the only protection that works, as Mother Nature itself demonstrates. https://en.wikipedia.org/wiki/Panama_disease [wikipedia.org]
(Score: 1, Insightful) by Anonymous Coward on Saturday July 03 2021, @01:26PM (8 children)
The real source of the weakness is integrated systems all networked. Replace this with something other than Windows, and you still have the same problem.
(Score: 4, Insightful) by HiThere on Saturday July 03 2021, @02:04PM (4 children)
(Score: 0) by Anonymous Coward on Saturday July 03 2021, @02:45PM (2 children)
The networking protocols are very insecure at the lower layers... They were not designed with hostile environments in mind. We can bandaid on top of this, but the fundamental weaknesses of our network architectures will still be there.
(Score: 2) by Rich26189 on Saturday July 03 2021, @03:20PM (1 child)
I don’t know how these most recent attacks were perpetrated, TFS doesn’t say, but I disagree that the networking layers are the likely attack point. Enterprise level equipment has very robust networking layers, especially the lower ones. I can’t speak about the upper layers, e.g. 7 (yeah, I’m that old) but I have to think they’re not untested.
At this point we’re talking about the 6th Domain of Warfare.
(Score: 0) by Anonymous Coward on Saturday July 03 2021, @05:24PM
All that "enterprise level equipment" is only needed due to the horrible design of the basic networking protocols... We segment the networks to stop our machines from blabbing everything they do and know where anyone can hear.
(Score: 4, Insightful) by Mojibake Tengu on Saturday July 03 2021, @03:00PM
Axiom 0: data is code and code is data.
=> Every code is someone's data.
You are right that the original Web was accidentally safe, because html1 markup before scripting happened to be a declarative language, not an executable language.
But the fundamental design error was made when the Web was not designed by intention as purely declarative in the client context, like, say, forming pages purely declaratively in Prolog or a dialect, and letting clients decide completely what they turn into rendering execution, enabling logical deductions about pieces of information. Instead, we got executive hell by foreign code enforced on clients.
The same with emails.
This will never be fixed. Not by adding more jails and fortifications to clients. Not in this decadent political digitalism epoch.
 'accidental' as in ancient Aristoteles' meaning
 Note that HTTP/HTML's predecessor, gopher, was very primitive but declarative, evolved from classic BBS menu systems.
The edge of 太玄 cannot be defined, for it is beyond every aspect of design
(Score: 1, Insightful) by Anonymous Coward on Saturday July 03 2021, @03:28PM
Indeed. Did Battlestar Galactica teach us nothing?
(Score: 0) by Anonymous Coward on Saturday July 03 2021, @04:01PM
In case of one single something, sure; Android is enough of demonstrable proof. A forced monoculture is the problem, it does not matter who is forcing what.
Customizable systems, and making use of that customization, is the solution. When you have a dozen Linux distros, each with several supported versions, with final users (IT dept) recompiling the kernel and some other things and uninstalling other things, to match the setup to their actual needs - a nice zero-day exploit for some version range of SHITTTP protocol handler suddenly becomes usable only on the tiny minority of systems, those that actually are using SHITTTP + have an exploitable version installed.
That setup would not much help clueless end users with no one to do their customization for them, but even then, "some version of some distro" is a much smaller target than "same install and patch of same Windows". As demonstrably proven with Android exploits.
(Score: 2) by Gaaark on Saturday July 03 2021, @08:29PM
No: if you use Windows and I use Manjaro, the problem will stop with you.
Malware makers would have to target EVERY O/S if they want their malware to spread.
The way it is now, they just have to target Windows systems to cause problems. Vary the O/S environments and make it harder to crack the system, just like if everyone used the same password....
....use a different password on every system, every system is harder to crack.
--- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
(Score: 2) by HiThere on Saturday July 03 2021, @02:00PM (4 children)
It's not that simple, and your argument doesn't really work, because everything uses either DNA or RNA. And ribosomes are pretty similar from bacteria to people. Etc.
But it's still basically true. Monocultures encourage the emergence of predators, which have even been known to extinguish the species...or at least the gene-line. This has happened to several lines of banana, though people have kept cultivars alive in labs.
(Score: 1, Interesting) by Anonymous Coward on Saturday July 03 2021, @03:34PM (3 children)
Aren't we presently having the second year of the COVID shitshow for precisely that very reason?
In the prokaryotes' world, the tithe they pay to phages is a more than fair price for the feature of horizontal gene transfer. Even the multicellular eukaryotes time and again use that feature for their evolutionary advantage, despite such events having far smaller chance of going beneficially for them (us). https://en.wikipedia.org/wiki/Horizontal_gene_transfer [wikipedia.org]
Some unicellular eukaryotes do have some tweaks however (too bothered by viruses in their time of need, to keep holding out for uncertain evolutionary gifts?) https://en.wikipedia.org/wiki/List_of_genetic_codes [wikipedia.org]
Either way, Windows systems at present do not produce offspring so the argument does not hold for them. :)
Dissimilar enough that entire classes of antibiotics are exploiting that difference.
(Score: 2) by c0lo on Saturday July 03 2021, @11:42PM (2 children)
Good God, spare us of the contrary.
(Score: 0) by Anonymous Coward on Sunday July 04 2021, @02:32AM (1 child)
Clippy is illegitimate?
(Score: 2) by c0lo on Sunday July 04 2021, @09:56AM
Clippy is not Bob and they are dead anyhow, may both rest in pieces.
(Score: 4, Insightful) by digitalaudiorock on Saturday July 03 2021, @03:43PM (2 children)
+1000...beat me to this. I'm so sick of all the coverage of all these things being portrayed like they "penetrated the company's firewall" like a bad TV drama. Bullshit. I'd all but guarantee that most/all of this crap comes from a combination of social engineering (phishing etc) combined with Windows vulnerabilities getting someone access to everything they need to do whatever they want from the inside...period. In addition, I wouldn't be surprised if those may even be unpatched vulnerabilities known only to the uber-blackhats and the CIA.
This is what happens when the "security" of your OS has become so complex that even MS doesn't seem to understand it. Never mind all the forces out there trying to send Linux down that same path.
(Score: 2) by RS3 on Saturday July 03 2021, @06:38PM (1 child)
Absolutely agree, all true. As too often with these kinds of stories, I don't know the specific details. It would be much more useful reporting if they'd tell us so that everyone can learn.
They had no IT staff (tiny company) nor outside help, so they're just doing what most people do- using the computers the best they can. Someone had set up shared drives, so the ransomware had access to everything.
If they ran Outlook / browser in a very tightly walled container, it might have been averted, but that's quite a lot more time and effort for very busy office workers who are constantly working email, various customer / sales / inventory / shipping / etc. databases, and would be overwhelmed with the container layer, getting data in and out, saving legitimate attachments, etc. I know it can be set up to be safer, and obviously needs to be.
(Score: 2) by digitalaudiorock on Sunday July 04 2021, @01:15PM
I currently use Thunderbird under Gentoo for email, but only because I need to use it for work emails, where I need to be able to reply to everyone else's bullshit html emails. If it were just for my personal email, I'd be using something like claws mail with no html at all. Those God-awful html emails are another travesty started by MS. Hate it to this day. I'd kill to have all email go back to plain text, possibly with file attachments.
(Score: 1, Troll) by Anonymous Coward on Saturday July 03 2021, @02:57PM (1 child)
That was quick disregard for the summit
(Score: 0) by Anonymous Coward on Saturday July 03 2021, @05:17PM
I can't believe Biden allowed the 1,739 robberies that happened yesterday. Dude must be a mafioso or something.
(Score: 2) by looorg on Saturday July 03 2021, @04:21PM
It's not just US companies, that shit went global. God only knows why a bunch of European stores use an American company to process transactions.
(Score: 2) by MIRV888 on Saturday July 03 2021, @05:08PM (8 children)
When I worked as a sys admin for a major chemical company, we did tape (Yes, I know. I am old) backups everyday of the entire server data set. We had a month's worth of tapes and just rotated through. We kept quarterly backup tapes offsite. The facility could burn down on a bad day so it seemed prudent. I realize the media sets are larger, but backups are still a thing right?
(Score: 0) by Anonymous Coward on Saturday July 03 2021, @06:20PM (1 child)
I'm going to bet that the "backups" were also in the "cloud".
(Score: 2) by turgid on Saturday July 03 2021, @08:42PM
It never rains but it pours.
I refuse to engage in a battle of wits with an unarmed opponent [wikipedia.org].
(Score: 1, Interesting) by Anonymous Coward on Sunday July 04 2021, @05:27AM (5 children)
I worked for a company that did backups properly:
Mon - Thu tapes, overwritten weekly
5 x Fri tapes overwritten monthly
12 x month-end tapes, overwritten yearly
yearly tapes, never overwritten.
ad-hoc backups for system changes, never overwritten.
All tapes were picked up daily by a security company and held off-site.
The head IT guy (who knew what he was doing) wrote the script that ran the backups. It backed up major database 1, backed up major database 2, rewound the tape, verified the backups, reported the result, rewound the tape for storage and ejected it. Script ran at 2am when no-one was using the systems.
A few months go by, and the assistant IT guy decided he wanted to also back up an unimportant (but bloated) system he was responsible for. Plenty of room on tape (big for the time LTO tapes), so he decides to tag it on the end of the other backups. Modifies the head guy's script via copy and paste.
New sequence goes; Backup DB1, Backup DB2, Rewind tape, Verify, Report results to IT Head, Rewind tape, Backup Unimportant DB, Rewind, Verify, Report result to IT Ass, eject tape. Note, the minor (bloated) system backup was longer than the Major DB1 and DB2 backups.
Time goes by and hard drive crashes. DB1 and DB2 both trashed. No worries, we have backups right? They had to go back to an ad-hoc backup from about five months earlier, re-enter what they could from paperwork. I think it cost them millions.
(Score: 2) by RS3 on Monday July 05 2021, @04:17PM (4 children)
You didn't point out the problem, so just being thorough (problem seems apparent): the new tape backup sequence overwrote the main DBs?
One safety mode is: don't rewind the tape.
(Score: 0) by Anonymous Coward on Monday July 05 2021, @05:08PM (3 children)
It did the head guy's backup properly, verified it, sent him a message saying it was ok, then the ass's add-on rewound the tape and wrote his backup over it.
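The overwrite described in this subthread, modelled as an added example (not code from any poster): a toy tape where a write at the current position discards everything after it, the original two-backup script, the copy-pasted version with the extra rewind, and a variant that follows the "don't rewind" suggestion by appending every backup before a single verify pass. The tape model, database names and payloads are all constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Tape:
    """Toy sequential tape: a list of files with a head position.
    Modelling assumption: writing at position p discards everything from
    p onward, the way a drive's new end-of-data mark invalidates what
    used to follow it. That is what makes the story's overwrite fatal."""
    files: list = field(default_factory=list)
    pos: int = 0

    def rewind(self):
        self.pos = 0

    def write(self, name, payload):
        del self.files[self.pos:]          # everything past the head is gone
        self.files.append((name, payload))
        self.pos = len(self.files)

    def read_next(self):
        if self.pos >= len(self.files):    # hit end-of-data
            return None
        rec = self.files[self.pos]
        self.pos += 1
        return rec

    def verify(self, expected):
        """Read forward from the head and check each expected file in order."""
        return {name: self.read_next() == (name, payload)
                for name, payload in expected.items()}

# constructed sample backups
DB1 = ("db1", b"db1-dump")
DB2 = ("db2", b"db2-dump")
BLOAT = ("bloat", b"x" * 1000)            # the "unimportant but bloated" system

def head_guy_script(tape):
    """Backup DB1, backup DB2, rewind, verify, report, rewind for storage."""
    tape.write(*DB1); tape.write(*DB2)
    tape.rewind()
    report = tape.verify({"db1": DB1[1], "db2": DB2[1]})
    tape.rewind()
    return report                          # the message the head guy trusted

def modified_script(tape):
    """The copy-paste version: the add-on starts with the tape rewound,
    so its write lands on top of DB1 and DB2."""
    head_report = head_guy_script(tape)
    tape.write(*BLOAT)                     # overwrites both real backups
    tape.rewind()
    addon_report = tape.verify({"bloat": BLOAT[1]})
    return head_report, addon_report       # both say "ok"

def append_then_verify(tape):
    """Safer sequence: no rewind between writers; verify the whole tape once."""
    tape.write(*DB1); tape.write(*DB2); tape.write(*BLOAT)
    tape.rewind()
    report = tape.verify({"db1": DB1[1], "db2": DB2[1], "bloat": BLOAT[1]})
    tape.rewind()
    return report

def restore(tape, name):
    """What a restore finds on the tape months later."""
    tape.rewind()
    while (rec := tape.read_next()) is not None:
        if rec[0] == name:
            return rec[1]
    return None
```

The verify reports alone never reveal the problem; only a restore drill (or a verify pass run after the last writer) does.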
(Score: 2) by RS3 on Monday July 05 2021, @05:30PM (2 children)
Sorry, I just had to confirm in detail that something that stupid was done. And stupid on many levels. Was nobody checking the work? I guess I'm being idealistic. But you'd hope that something as important, maybe critical, as backups, would have some kind of cross-checking done.
Some years ago (mid-90s) I had a job where one assignment was pretty much just assembling systems and installing software (industrial controls- PLC, SCADA, etc.) on IBM PS/2 server hardware, running OS/2 (yes). I wish I could remember the backup software brand; it watched for any filesystem change, and did an incremental backup to tape within seconds. I thought that was awesome, and yet I'm not aware of any other software that does that.
In most backup scenarios we've kept weekly full backups indefinitely (remove the write-allow tab), and done differential ones daily if not hourly. Basically we could always go back to some point in the past if needed. Restore might have been tedious, but the data was there. Tape is far too cheap to be stupid (with overwriting things).
Any knowledge of backup software that watches filesystem and backs up any changes on the fly?
(Score: 0) by Anonymous Coward on Tuesday July 06 2021, @02:06AM (1 child)
This was back in the 90's too.
Head guy implemented it, checked it was working, monitored it and did manual tape reads for several weeks to be sure it was working. Handed off actual physical tape swapping and monitoring to Ass. Ass put his brain-fart on it without telling anybody, and just trusted the messages. I said LTO, but I'm not really sure. I do know that the tapes they were using were stupidly expensive.
That sounds like it was part of the OS. Back then that would have been a lot of overhead for an add-on program.
These days you would need to exclude a lot of files. Every damn program out there is constantly saving its status to disk.
Not much knowledge of any current back-up software. Wasn't my job back then either, I was just close enough to know what happened. For my own system I just do a copy of /home now and again. Fits on a CD. Anything else is just a download away.
(Score: 2) by RS3 on Tuesday July 06 2021, @02:57AM
The OS of course knows what's being written to disk. You (quite easily) tagged the files and directories you wanted backed up to tape in the software. Worked very well. Sure wish I had written it down. It was so awesome, I "assumed" all tape software worked that way.
Funny story- 2 guys were feverishly writing gobs of C on Unix (not sure which flavor- maybe HP-UX) for months. They decide to do a backup to tape. I mean, seriously major large project, many months, full-time. Anyway, guy gives tar command, but reverses disk and tape devices. So yes, OS said "okay, you want to write the raw tape to the raw disk. I can do that."
Fortunately they were taking notes as they went, so it took them another 2 weeks to recreate the whole project. I was doing sector-level stuff in those days, and offered to recover lots of files, or at least parts of files, but everyone declined (it was a VERY political / competitive place).
(Score: 2) by kazzie on Saturday July 03 2021, @05:16PM
I've got mental images of attacks originating from museums in Bletchley Park [wikipedia.org]...
(Score: 2) by inertnet on Saturday July 03 2021, @10:19PM
Suppose you have copies of some original files and encrypted versions of the same files. Would it then be possible for a quantum computer to reverse engineer the encryption keys?
(Score: 0, Troll) by Anonymous Coward on Saturday July 03 2021, @11:22PM (1 child)
None of the companies attacked were on the list of critical infrastructure that Biden handed to Putin. We're going to be fine.
(Score: 0, Interesting) by Anonymous Coward on Sunday July 04 2021, @12:56AM
Interesting. Conservative projection lets out the truth as usual. So you derps know Trump is guilty but being actual fascists you are delighted, so your plan is to deny and blame others. Better get your head right, Nazis bad mmkay?
(Score: 0) by Anonymous Coward on Monday July 05 2021, @03:37PM (1 child)
Why was SN spared?
(Score: 0) by Anonymous Coward on Tuesday July 06 2021, @03:01AM
Not obvious? It's mostly AC drivel. Why bother?