In this week’s Cyber Blurbs Roundup, we take a look at what is hopefully the final chapter of Kaseya’s ransomware story, AWS’ decision to move away from a spyware group, and a widespread internet outage.
Kaseya Gets its Decryptor Key
Weeks after suffering a catastrophic ransomware attack, Kaseya has finally received the keys to its system. The Florida-based company announced it received a universal decryptor key that would allow Kaseya and all of its customers to resume business.
Company spokesperson Dana Liedholm would not confirm whether or not the key was obtained as a direct result of a ransomware payment, only stating that it came from a “trusted third party,” according to The Associated Press. REvil, the hacking group claiming responsibility for the attack, was said to be asking for up to $70 million in bitcoin.
“We obtained the decryptor yesterday from a trusted third party and have been using it successfully on affected customers,” Liedholm, senior VP of corporate marketing, wrote in a statement. “We are providing tech support to use the decryptor. We have a team reaching out to our customers, and I don’t have more detail right now.”
Security firm Emsisoft confirmed to ArsTechnica that the key was effective at unlocking previously targeted data.
This latest development comes just about a week after REvil mysteriously disappeared from the dark web (which subsequently came a few days after US President Joe Biden requested that Russian President Vladimir Putin take action against some of the ransomware groups thought to be from his neck of the woods).
REvil has previously claimed responsibility for attacks against meat supplier JBS, as well as Apple (via Acer).
That Pegasus Story...
Early last week (for those who count Sundays as the true heir to the throne), Amnesty International published an investigative report regarding NSO Group’s Pegasus software — tech that was said to be used exclusively to surveil potential terrorists and criminals. As it turns out, the not-at-all unethical software was not always used in totally ethical ways, with the investigation revealing that it was at times used to spy on politicians, human rights activists, and journalists around the world.
News of the investigation prompted Amazon Web Services — known better by its acronym within the tech community — to ban any accounts linked to the Israeli-based vendor.
"When we learned of this activity, we acted quickly to shut down the relevant infrastructure and accounts," an AWS spokesperson told Motherboard in an email.
Pegasus is capable of invading virtually every aspect of an otherwise private device. The software can steal passwords, photos, videos, location services, as well as microphone and camera activity. According to a story from The Guardian, even cutting-edge smartphones with the latest software are vulnerable to Pegasus’ spying abilities. But according to Apple, the software is “highly sophisticated, cost[s] millions of dollars to develop, often [has] a short shelf life, and [is] used to target specific individuals,” — meaning it’s not likely to be used broadly enough to sound the alarms.
Now, before you hit the panic button, understand that you’re not likely to be a target. Contrary to what grandma has been telling you for years, you’re probably not important enough to be the victim of a spyware campaign of this nature. According to a 2016 New York Times report, the cost to hack 10 smartphones was around $650,000 at the time.
Still, if you’re worried you might be targeted, Amnesty International developed a tool that should help you determine whether or not your device has been hacked. The folks over at The Verge put together a quick how-to on using the tool (WARNING: This process involves using the ever-intimidating command line).
Massive Internet Outage Several Popular Sites
Numerous popular websites went dark Thursday as part of a widespread internet outage that lasted for a little more than an hour. And no, your slow Wi-Fi was not to blame. At the center of it all was content delivery network (CDN) company, Akamai. The company states it was not the result of a cyber attack.
Among the affected websites were those belonging to UPS, Airbnb, Ally Bank, Fidelity, Sony’s Playstation Network, as well as numerous airlines.
News of Akamai’s troubles come just a month after Fastly, a different CDN provider, hit a snag that resulted in down time for popular sites like Reddit and Twitch. AWS is also not immune, suffering an hours-long outage back in November, impacting companies like 1Password, iRobot, and The Washington Post.