It started with a Florida IT company called Kaseya, which provides security software to cybersecurity contractors. After hackers breached Kaseya's servers on July 2, they got into at least 40 cybersecurity contractors' systems and from there they infected hundreds of businesses with ransomware over the weekend. The hackers encrypted infected businesses' data, locked them out of their IT systems, and then demanded ransoms of $50,000 from smaller companies and $5M from larger companies in exchange for a key to decrypt their data and resume normal operations.
Cybersecurity experts say Russia's REvil gang, who successfully extorted $11M from meat processor JBS earlier this year, infected thousands of victims in at least 17 countries. It was no accident it happened before the 4th of July weekend, when IT staffing was generally thin in the US.
Link
Update 1: In a post on their blog, REvil takes credit for the Kaseya attack, claims it infected 1M+ systems, and demands $70M in Bitcoin for a universal decryptor. Link
Update 2 (July 22, 2021): Kaseya says it got a universal decryptor for the REvil ransomware and is helping customers recover their data. It's not clear if Kaseya paid the ransom to get it. Link
