Kaseya ransomware attack could be record-setting as its scope widens - Global News | Canada News Media
Businesses around the world rushed Saturday to contain a ransomware attack that has paralyzed their computer networks, a situation complicated in the U.S. by offices lightly staffed at the start of the Fourth of July holiday weekend.

It’s not yet known how many organizations have been hit by demands that they pay a ransom in order to get their systems working again. But some cybersecurity researchers predict the attack targeting customers of software supplier Kaseya could be one of the broadest ransomware attacks on record.


It follows a scourge of headline-grabbing attacks over recent months that have been a source of diplomatic tension between U.S. President Joe Biden and Russian President Vladimir Putin over whether Russia has become a safe haven for cybercriminal gangs.

Biden said Saturday he didn’t yet know for certain who was responsible but suggested that the U.S. would respond if Russia was found to have anything to do with it.

“If it is either with the knowledge of and or a consequence of Russia then I told Putin we will respond,” Biden said. “We’re not certain. The initial thinking was it was not the Russian government.”

Cybersecurity experts say the REvil gang, a major Russian-speaking ransomware syndicate, appears to be behind the attack that targeted the software company Kaseya, using its network-management package as a conduit to spread the ransomware through cloud-service providers.







“The number of victims here is already over a thousand and will likely reach into the tens of thousands,” said cybersecurity expert Dmitri Alperovitch of the Silverado Policy Accelerator think tank. “No other ransomware campaign comes even close in terms of impact.”

The cybersecurity firm ESET says there are victims in at least 17 countries, including the United Kingdom, South Africa, Canada, Argentina, Mexico, Kenya and Germany.

In Sweden, most of the grocery chain Coop’s 800 stores were unable to open because their cash registers weren’t working, according to SVT, the country’s public broadcaster. The Swedish State Railways and a major local pharmacy chain were also affected.

Kaseya CEO Fred Voccola said in a statement that the company believes it has identified the source of the vulnerability and will “release that patch as quickly as possible to get our customers back up and running.”


Voccola said fewer than 40 of Kaseya’s customers were known to be affected, but experts said the ransomware could still be affecting hundreds more companies that rely on Kaseya’s clients that provide broader IT services.

John Hammond of the security firm Huntress Labs said he was aware of a number of managed-services providers — companies that host IT infrastructure for multiple customers — being hit by the ransomware, which encrypts networks until the victims pay off attackers.

“It’s reasonable to think this could potentially be impacting thousands of small businesses,” said Hammond, basing his estimate on the service providers reaching out to his company for assistance and comments on Reddit showing how others are responding.

At least some victims appeared to be getting ransoms set at $45,000, considered a small demand but one that could quickly add up when sought from thousands of victims, said Brett Callow, a ransomware expert at the cybersecurity firm Emsisoft.







Callow said it’s not uncommon for sophisticated ransomware gangs to perform an audit after stealing a victim’s financial records to see what they can really pay, but that won’t be possible when there are so many victims to negotiate with.

“They just pitched the demand amount at a level most companies will be willing to pay,” he said.

Voccola said the problem is only affecting its “on-premise” customers, which means organizations running their own data centers. It’s not affecting its cloud-based services running software for customers, though Kaseya also shut down those servers as a precaution, he said.

The company added in a statement Saturday that “customers who experienced ransomware and receive a communication from the attackers should not click on any links — they may be weaponized.”


Gartner analyst Katell Thielemann said it’s clear that Kaseya quickly sprang to action, but it’s less clear whether their affected clients had the same level of preparedness.

“They reacted with an abundance of caution,” she said. “But the reality of this event is it was architected for maximum impact, combining a supply chain attack with a ransomware attack.”

Supply chain attacks are those that typically infiltrate widely used software and spread malware as it updates automatically.

Complicating the response is that it happened at the start of a major holiday weekend in the U.S., when most corporate IT teams aren’t fully staffed.







That could also leave those organizations unable to address other security vulnerabilities, such as a dangerous Microsoft bug affecting software for print jobs, said James Shank, of threat intelligence firm Team Cymru.

“Customers of Kaseya are in the worst possible situation,” he said. “They’re racing against time to get the updates out on other critical bugs.”

Shank said “it’s reasonable to think that the timing was planned” by hackers for the holiday.

The U.S. Chamber of Commerce said it was affecting hundreds of businesses and was “another reminder that the U.S. government must take the fight to these foreign cybercriminal syndicates” by investigating, disrupting and prosecuting them.


The federal Cybersecurity and Infrastructure Security Agency said in a statement that it is closely monitoring the situation and working with the FBI to collect more information about its impact.

CISA urged anyone who might be affected to “follow Kaseya’s guidance to shut down VSA servers immediately.” Kaseya runs what’s called a virtual system administrator, or VSA, that’s used to remotely manage and monitor a customer’s network.

The privately held Kaseya is based in Dublin, Ireland, with a U.S. headquarters in Miami.

REvil, the group most experts have tied to the attack, was the same ransomware provider that the FBI linked to an attack on JBS SA, a major global meat processor forced to pay an $11 million ransom, amid the Memorial Day holiday weekend in May.







Active since April 2019, the group provides ransomware-as-a-service, meaning it develops the network-paralyzing software and leases it to so-called affiliates who infect targets and earn the lion’s share of ransoms.

U.S. officials have said the most potent ransomware gangs are based in Russia and allied states and operate with Kremlin tolerance and sometimes collude with Russian security services.

Alperovitch said he believes the latest attack is financially motivated and not Kremlin-directed.

However, he said it shows that Putin “has not yet moved” on shutting down cybercriminals within Russia after Biden pressed him to do so at their June summit in Switzerland.

Asked about the attack during a trip to Michigan on Saturday, Biden said he had asked the intelligence community for a “deep dive” on what happened. He said he expected to know more by Sunday.

© 2021 The Canadian Press
