A group of ethical hackers from the Netherlands came close to preventing the major ransomware attack of the day before yesterday, but was just too late. “If we had had a little more time, we would have succeeded,” members of the Dutch Institute for Vulnerability Disclosure (DIVD) told Vrij Nederland.
The DIVD is made up of experienced cyber specialists who warn companies when they discover a security risk.
One of the members of the DIVD, Wietse Boonstra, was recently hired by a company to test software. In doing so, he came across a program from the American IT company Kaseya, which allows people to manage a computer remotely. He didn’t immediately succeed in hacking the program, but after a while he discovered a major vulnerability: he was able to access the system without logging in.
After the discovery, Boonstra and colleague Frank Breedijk tried to map out how many companies in the Netherlands were exposed to the vulnerability. “It made me nauseous,” says Breedijk.
Within a few days, the Dutch researchers were working with Kaseya’s top technical officer, Vrij Nederland reports. The intention was to release a software update that would allow customers to close the vulnerability, but it was not ready in time.
According to Vrij Nederland, Boonstra received a message from Kaseya on Friday evening that the attack was in progress, after which vulnerable companies were hastily warned to turn off their systems.
Hundreds of companies affected
Hundreds of companies worldwide are affected by the attack. In America, for example, computers at no fewer than 200 companies are locked with ransomware. Hundreds of companies may have been affected in the Netherlands, and Sweden was hit as well. Payment systems of supermarket chain Coop were locked there. The 800 supermarkets remained closed because the cash registers would no longer open.
Coop IT employees are cleaning the computers supermarket by supermarket this weekend. Today, some branches handed out free food to people, because it would otherwise have to be thrown away. The Dutch supermarkets of Coop are separate from the Swedish chain and have no problems.
The criminals behind the ransomware attack demand thousands to millions of dollars in ransom for unlocking computers. Experts suspect that the Russia-affiliated REvil group is behind the attack.