BOSTON — Cybersecurity teams worked feverishly Sunday to stem the impact of the single biggest global ransomware attack on record, with some details emerging about how the Russia-linked gang responsible breached the company whose software was the conduit.
An affiliate of the notorious REvil gang, best known for extorting $11 million from the meat-processor JBS after a Memorial Day attack, infected thousands of victims in at least 17 countries on Friday, largely through firms that remotely manage IT infrastructure for multiple customers, cybersecurity researchers said. They reported ransom demands of up to $5 million.
The FBI said in a statement Sunday that it was investigating the attack along with the federal Cybersecurity and Infrastructure Security Agency, though “the scale of this incident may make it so that we are unable to respond to each victim individually.”
President Joe Biden suggested Saturday the U.S. would respond if it was determined that the Kremlin is at all involved. He said he had asked the intelligence community for a “deep dive” on what happened.
The attack comes less than a month after Biden pressed Russian President Vladimir Putin to stop providing safe haven to REvil and other ransomware gangs whose unrelenting extortionary attacks the U.S. deems a national security threat.
A broad array of businesses and public agencies were hit by the latest attack, apparently on all continents, including in financial services, travel and leisure and the public sector — though few large companies, the cybersecurity firm Sophos reported. Ransomware criminals break into networks and sow malware that cripples networks on activation by scrambling all their data. Victims get a decoder key when they pay up.
The Swedish grocery chain Coop said most of its 800 stores would be closed for a second day Sunday because their cash register software supplier was crippled. A Swedish pharmacy chain, gas station chain, the state railway and public broadcaster SVT were also hit.
In Germany, an unnamed IT services company told authorities several thousand of its customers were compromised, the news agency dpa reported. Also among reported victims were two big Dutch IT services companies — VelzArt and Hoppenbrouwer Techniek. Most ransomware victims don’t publicly report attacks or disclose if they’ve paid ransoms.
CEO Fred Voccola of the breached software company, Kaseya, estimated the victim number in the low thousands, mostly small businesses like “dental practices, architecture firms, plastic surgery centers, libraries, things like that.”
Voccola said in an interview that only between 50 and 60 of the company’s 37,000 customers were compromised. But 70% were managed service providers who use the company’s hacked VSA software to manage multiple customers. It automates the installation of software and security updates and manages backups and other vital tasks.
Experts say it was no coincidence that REvil launched the attack at the start of the Fourth of July holiday weekend, knowing U.S. offices would be lightly staffed. Many victims may not learn of it until they are back at work on Monday. The vast majority of end customers of managed service providers “have no idea” what kind of software is used to keep their networks humming, said Voccola.
Kaseya said it sent a detection tool to nearly 900 customers on Saturday night.
John Hammond of Huntress Labs, one of the first cybersecurity firms to sound the alarm on the attack, said he’d seen $5 million and $500,000 demands by REvil for the decryptor key needed to unlock scrambled networks. The smallest amount demanded appears to have been $45,000.
Sophisticated ransomware gangs on REvil’s level usually examine a victim’s financial records — and insurance policies if they can find them — from files they steal before activating the data-scrambling malware. The criminals then threaten to dump the stolen data online unless paid. It was not immediately clear if this attack involved data theft, however. The infection mechanism suggests it did not.
“Stealing data typically takes time and effort from the attacker, which likely isn’t feasible in an attack scenario like this where there are so many small and mid-sized victim organizations,” said Ross McKerchar, chief information security officer at Sophos. “We haven’t seen evidence of data theft, but it’s still early on and only time will tell if the attackers resort to playing this card in an effort to get victims to pay.”
Dutch researchers said they alerted Miami-based Kaseya to the breach and said the criminals used a “zero day,” the industry term for a previously unknown security hole in software. Voccola would not confirm that or offer details of the breach — except to say that it was not phishing.
“The level of sophistication here was extraordinary,” he said.
When the cybersecurity firm Mandiant finishes its investigation, Voccola said he is confident it will show that the criminals didn’t just violate Kaseya code in breaking into his network but also exploited vulnerabilities in third-party software.
It was not the first ransomware attack to leverage managed services providers. In 2019, criminals hobbled the networks of 22 Texas municipalities through one. That same year, 400 U.S. dental practices were crippled in a separate attack.
One of the Dutch vulnerability researchers, Victor Gevers, said his team is worried about products like Kaseya’s VSA because of the total control of vast computing resources they can offer. “More and more of the products that are used to keep networks safe and secure are showing structural weaknesses,” he wrote in a blog Sunday.
The cybersecurity firm ESET identified victims in at least 17 countries, including the United Kingdom, South Africa, Canada, Argentina, Mexico, Indonesia, New Zealand and Kenya.
Kaseya says the attack only affected “on-premise” customers, organizations running their own data centers, as opposed to its cloud-based services that run software for customers. It also shut down those servers as a precaution, however.
Kaseya, which called on customers Friday to shut down their VSA servers immediately, said Sunday it hoped to have a patch in the next few days.
Active since April 2019, REvil provides ransomware-as-a-service, meaning it develops the network-paralyzing software and leases it to so-called affiliates who infect targets and earn the lion’s share of ransoms. U.S. officials say the most potent ransomware gangs are based in Russia and allied states and operate with Kremlin tolerance and sometimes collude with Russian security services.
Cybersecurity expert Dmitri Alperovitch of the Silverado Policy Accelerator think tank said that while he does not believe the Kaseya attack is Kremlin-directed, it shows that Putin “has not yet moved” on shutting down cybercriminals.
——
AP reporters Eric Tucker in Washington, Kirsten Grieshaber in Berlin, Jari Tanner in Helsinki and Sylvie Corbet in Paris contributed to this report.
TOKYO (AP) — Japanese technology group SoftBank swung back to profitability in the July-September quarter, boosted by positive results in its Vision Fund investments.
Tokyo-based SoftBank Group Corp. reported Tuesday a fiscal second quarter profit of nearly 1.18 trillion yen ($7.7 billion), compared with a 931 billion yen loss in the year-earlier period.
Quarterly sales edged up about 6% to nearly 1.77 trillion yen ($11.5 billion).
SoftBank credited income from royalties and licensing related to its holdings in Arm, a computer chip-designing company, whose business spans smartphones, data centers, networking equipment, automotive, consumer electronic devices, and AI applications.
The results were also helped by the absence of losses related to SoftBank’s investment in office-space sharing venture WeWork, which hit the previous fiscal year.
WeWork, which filed for Chapter 11 bankruptcy protection in 2023, emerged from Chapter 11 in June.
SoftBank has benefitted in recent months from rising share prices in some investments, such as U.S.-based e-commerce company Coupang, Chinese mobility provider DiDi Global and Bytedance, the Chinese developer of TikTok.
SoftBank’s financial results tend to swing wildly, partly because of its sprawling investment portfolio that includes search engine Yahoo, Chinese retailer Alibaba, and artificial intelligence company Nvidia.
SoftBank makes investments in a variety of companies that it groups together in a series of Vision Funds.
The company’s founder, Masayoshi Son, is a pioneer in technology investment in Japan. SoftBank Group does not give earnings forecasts.
Shopify Inc. executives brushed off concerns that incoming U.S. President Donald Trump will be a major detriment to many of the company’s merchants.
“There’s nothing in what we’ve heard from Trump, nor would there have been anything from (Democratic candidate) Kamala (Harris), which we think impacts the overall state of new business formation and entrepreneurship,” Shopify’s chief financial officer Jeff Hoffmeister told analysts on a call Tuesday.
“We still feel really good about all the merchants out there, all the entrepreneurs that want to start new businesses and that’s obviously not going to change with the administration.”
Hoffmeister’s comments come a week after Trump, a Republican businessman, trounced Harris in an election that will soon return him to the Oval Office.
On the campaign trail, he threatened to impose tariffs of 60 per cent on imports from China and roughly 10 per cent to 20 per cent on goods from all other countries.
If the president-elect makes good on the promise, many worry the cost of operating will soar for companies, including customers of Shopify, which sells e-commerce software to small businesses but also brands as big as Kylie Cosmetics and Victoria’s Secret.
These merchants may feel they have no choice but to pass on the increases to customers, perhaps sparking more inflation.
If Trump’s tariffs do come to fruition, Shopify’s president Harley Finkelstein pointed out China is “not a huge area” for Shopify.
However, “we can’t anticipate what every presidential administration is going to do,” he cautioned.
He likened the uncertainty facing the business community to the COVID-19 pandemic where Shopify had to help companies migrate online.
“Our job is no matter what comes the way of our merchants, we provide them with tools and service and support for them to navigate it really well,” he said.
Finkelstein was questioned about the forthcoming U.S. leadership change on a call meant to delve into Shopify’s latest earnings, which sent shares soaring 27 per cent to $158.63 shortly after Tuesday’s market open.
The Ottawa-based company, which keeps its books in U.S. dollars, reported US$828 million in net income for its third quarter, up from US$718 million in the same quarter last year, as its revenue rose 26 per cent.
Revenue for the period ended Sept. 30 totalled US$2.16 billion, up from US$1.71 billion a year earlier.
Subscription solutions revenue reached US$610 million, up from US$486 million in the same quarter last year.
Merchant solutions revenue amounted to US$1.55 billion, up from US$1.23 billion.
Shopify’s net income excluding the impact of equity investments totalled US$344 million for the quarter, up from US$173 million in the same quarter last year.
Daniel Chan, a TD Cowen analyst, said the results show Shopify has a leadership position in the e-commerce world and “a continued ability to gain market share.”
In its outlook for its fourth quarter of 2024, the company said it expects revenue to grow at a mid-to-high-twenties percentage rate on a year-over-year basis.
“Q4 guidance suggests Shopify will finish the year strong, with better-than-expected revenue growth and operating margin,” Chan pointed out in a note to investors.
This report by The Canadian Press was first published Nov. 12, 2024.
TORONTO – RioCan Real Estate Investment Trust says it has cut almost 10 per cent of its staff as it deals with a slowdown in the condo market and overall pushes for greater efficiency.
The company says the cuts, which amount to around 60 employees based on its last annual filing, will mean about $9 million in restructuring charges and should translate to about $8 million in annualized cash savings.
The job cuts come as RioCan and others scale back condo development plans as the market softens, but chief executive Jonathan Gitlin says the reductions were from a companywide efficiency effort.
RioCan says it doesn’t plan to start any new construction of mixed-use properties this year and well into 2025 as it adjusts to the shifting market demand.
The company reported a net income of $96.9 million in the third quarter, up from a loss of $73.5 million last year, as it saw a $159 million boost from a favourable change in the fair value of investment properties.
RioCan reported what it says is a record-breaking 97.8 per cent occupancy rate in the quarter including retail committed occupancy of 98.6 per cent.
This report by The Canadian Press was first published Nov. 12, 2024.