(From a Strategy Page article.)
http://www.strategypage.com/qnd/russia/articles/20210708.aspx
July 2, 2021: Russia based hacker group REvil carried out the largest ransom attack ever when they claimed to have crippled the VSA network management software developed by a U.S. firm Kaseya and used by thousands of businesses worldwide. REvil demanded $70 million in cryptocurrency to undo the damage. REvil has reduced that to $50 million as they noted the rapid and apparently effective Kaseya response. Kaseya was the first to detect the hack and has issued regular updates to its customers on how Kaseya is dealing with the hack. This included rapid development of a software patch that the thousand or so customers suffering from the hack could apply to undo the damage. The degree of damage varied from customer to customer, with some promptly shutting down their networks and quickly applying the Kaseya patches. Other customers delayed their response and more damage was done. Kaseya says their patches reverse any damage REvil has done and that no one should send REvil money to have their systems cleared of the infection. Kaseya pointed out that there was no guarantee that the REvil fix would work as promised. Groups like REvil have been known to provide flawed unlock software and sometimes the fix does not remove hidden malware that makes it easier for another hack to be carried out. If REvil continues to reduce their ransom demands this incident will become a very public battle between the Cyber Cossacks and their supposedly defenseless victims. We might get an interesting action film out of all this because historically the Cossacks are rarely defeated when they make a surprise raid.
This REvil attack comes less than a month after the American president warned his Russian counterpart that the U.S. considers some of Russian based hacker attacks an act of war and unless the U.S. and Russia can reach an agreement on how to deal with this the U.S. will respond in kind. In one recent attack the U.S. did respond and seized some of the cryptocurrency ransom before the Russian based hacker group could take possession of it.
In mid-2020 it became known that the U.S. president had secretly given the CIA permission to take more aggressive action against hacker groups responsible for attacks on the United States. This seems to explain a number of unexplained incidents where hacker groups had identities of members revealed or their operations sabotaged or disrupted. The CIA, NSA and Department of Defense had long been asking for this authority. Granting it to the CIA allowed the CIA to bring in NSA and Department of Defense experts for joint operations. Russian hackers have been responsible for a lot of the successful hacking operations inside the United States. Chinese, North Korean and Iranian hackers have also been active and they are also on the CIA target list.
The basic problem here is an old one; attacks via the Internet are not easy to trace back to the source if the attackers are careful. Russian and Chinese hackers have been very careful and very successful as have been their American (mainly NSA) and Israeli counterparts. The fundamental problem here is what criteria for “proof” do you use before declaring a particularly damaging (as in loss of life and military equipment) attack an act of war and counterattack in a meaningful sense. This is a question that has yet to be answered. Russia has admitted that hackers in Russia have long been active, usually only against foreign targets to avoid arrest. Russia does not admit that these hackers often do jobs for the Russian government. This is a custom with criminal gangs going back centuries but a denial still sort-of-works for diplomats.
>>>>
(There is much before this snippet . . . and the article continues after. Zim.)
Mad Poet Strikes Again.
| 
