
Another Russian hack on US companies hits over 200 firms with ransomware

Can the US respond to a cyberattack with a cyberattack? Or will sanctions do the job?


Another large-scale ransomware attack on US companies by Russia-based hackers has made headlines, coming just weeks after President Joe Biden warned his Russian counterpart Vladimir Putin of retaliation in the event of a Russian attack on critical US infrastructure.

Cybersecurity firm Huntress Labs Inc has said a Russia-based hacking group known as REvil has compromised the computer systems of at least 200 businesses with what it said was a “mass MSP ransomware incident”.

Managed service providers (MSPs) are third-party organisations that offer services to other companies. An attack targeting an MSP could affect several of its clients. The latest attack, purportedly carried out by REvil, has affected at least eight MSPs, according to Huntress Labs. Cybersecurity expert John Hammond told Bloomberg that at least 200 businesses were customers of these eight MSPs. The attacks targeted the VSA software by tech firm Kaseya, which allows for remote monitoring and management.

The scale of the hack could be much higher: one of the MSPs that were reportedly affected, Avtex, told Bloomberg that hundreds more MSPs had been impacted by what appears to be a global supply chain hack.

Just days before the latest hack, US Secretary of State Antony Blinken had warned of a US response to a Russian cyber attack, saying the US expects Russia to take action to prevent cyber attacks like the Colonial Pipeline hack from occurring again.

What next for the US?

It will be up to the Biden administration to adopt a tit-for-tat response. The US has honed its cyber-warfare capabilities for years, with the International Institute for Strategic Studies ranking the United States as the world’s foremost cyber superpower.

Following the SolarWinds hack, Biden’s national security adviser Jake Sullivan said the country was considering “seen and unseen” responses to the attack.


Russia exercises tight controls on internet access within the country, mandating that internet service providers install government-authorised equipment to aid with censorship and re-routing traffic. Russia has also implemented an internet “kill switch”, which it places under Putin’s power, in a bid to stop a US cyberattack. The idea is that a Russian internet could operate independently from the global network, though in such a scenario the cost would fall on ordinary Russian users who are familiar with the world wide web.

The US also has sanctions as a tool: New sanctions had been imposed following the SolarWinds hack in April. In April, a US Congress report providing an overview of American sanctions on Russia noted that the US maintains sanctions on Russia related to the 2014 invasion of Crimea, malicious cyber activities, influence operations (including election interference), human rights abuses, use of a chemical weapon, weapons proliferation, illicit trade with North Korea, support to the governments of Syria and Venezuela, and use of energy exports as a coercive or political tool.

What is left for the US to sanction remains to be seen.

While the sanctions had hit the Russian economy in terms of overall growth, Putin on June 30 said the sanctions had had positive sides, helping the country replace imported technologies and implement new financial payment systems. As a Financial Times column in January 2020 noted, sanctions on Russia had led to slower but more stable growth, leaving Russia in a situation where an abrupt removal of sanctions could actually endanger the Russian economy, due to the likelihood of a massive and disruptive inflow of capital.

The threat of ransomware attacks has grown so concerning that cyber re-insurance rates have gone up by 40 per cent, according to a Reuters report. Ransomware claims accounted for 41 per cent of all cyber insurance claims filed in the first half of 2020, according to a September 2020 report from cyber insurance provider Coalition.

The report comes just a day after Russia’s embassy in Washington categorically denied allegations that it had interfered in the 2016 US presidential election, following a joint advisory by the US and UK governments on Thursday that it had done so by abusing virtual private networks.

Russia's embassy in Washington said on Facebook that it hoped the United States would refrain from making what it called further unfounded allegations and focus instead on working with Russia to fight cybercrime.

"We categorically deny the involvement of any Russian state structures in attacks on 'government and private facilities in the United States and abroad,'" the embassy said.
