US banks are among hundreds of companies affected by a global ransomware attack involving organizations around the world being extorted for a record ransom of $70 million.
According to the Ohio Bankers League, several banks were targeted in the attack orchestrated by the notorious REvil cyber-criminal network on July 5, 2021.
IT firm Kaseya, one of the largest impacted in the attack, provides IT infrastructure to many banking companies on a third-party basis.
The FBI is investigating the attack, in coordination with the Cybersecurity and Infrastructure Security Agency. The agencies have recommended that all companies that feel compromised should shut down their VSA servers immediately.
VSA is a remote management software used by Kaseya that was targeted in the attack.
REvil is a criminal hacking gang believed to operate out of Eastern Europe or Russia. It operates a ‘ransomware as a service’ model, supplying tools for others’ attacks.
It has been behind other high-profile ransomware attacks, but this is the largest to date with an estimated 1,500 businesses impacted, according to Kaseya.
As of July 12, the attack had been somewhat repelled. In a statement the IT firm said: “The restoration of services is progressing, with 95% of our software-as-a-service customers live and servers coming online for the rest of our customers in the coming hours.
“Our support teams are working with VSA on-premises customers who have requested assistance with the patch. We will continue to post updates on the patch rollout progress and server status.”
As yet, the ransom has not been paid – with experts fearing this could exacerbate future attacks.
Ransomware attacks have become an increasingly bigger threat to financial services with criminals exploiting businesses that have had to adjust their operations due to the pandemic.
Last year, the SEC’s Office of Compliance Inspections and Examinations issued an alert to warn firms that such attacks were becoming more sophisticated.