Despite the significant impact, the recent hacker attack on the systems of the Lazio Region is far from being one of the worst in history and if it really is just a ransomware, we are talking about a targeted and very far-reaching operation. limited, especially when compared with the real “milestones” of the sector. To start with, we could say that the first large-scale ransomware attack was launched on May 12, 2017, going down in history as “Wannacry”. The malicious program that encrypted victims’ files to demand ransom acted like a worm, meaning it was able to propagate itself thanks to a Windows vulnerability known as EternalBlue. This was part of the US National Security Agency’s cyber weapons arsenal, but was stolen during a hacker attack and put back into circulation for criminals. At the time it was estimated that Wannacry hit over 230,000 computers in less than two weeks involving companies such as FedEx, Telefonica, Renault, the Russian Ministry of the Interior and even the University of Milan.
Da Wannacry a Not-Petya
Soon after Wannacry came Not-Petya, a malware attack that turned into a global campaign by mistake. The original purpose of the attack was to severely disrupt Ukraine’s government IT infrastructure and its major companies, and a technique was used to initiate the attack that has since become one of the most popular when it comes to attacking. large scale: the compromise of the supply chain (in English, Supply Chain Attack). The attack was blamed on two alleged Russian spies who managed to compromise the software update system used to pay taxes widely used in the country. However, being the malware designed to use the EternalBlue vulnerability, the ransomware began to travel the world hitting numerous countries. The attack was so severe that the Chernobyl radiation monitoring system stopped working, while several companies reported losses of millions of dollars, most notably Maersk which estimated an impact of about 300 million dollars on its operations.
Loading…
About Kaseya
Coming to the present day, the attack conducted by the gang of cybercriminals known with the name of REvil against Kaseya, a company that produces software for remote control of IT infrastructures, has certainly made school. In fact, in July 2021, hackers exploited a number of software vulnerabilities to take total control of many of Kaseya’s customers ‘computers (and their customers’ customers) to install ransomware. More than 1,500 companies were involved in the attack launched at the turn of the weekend of July 4th with a global ransom request that amounted to 80 million dollars.Finally, certainly very important was also a ransomware campaign unleashed in early 2021 by pirates “Presumably” Chinese following the discovery of a major flaw in Microsoft’s Exchange servers. This vulnerability in the software allowed criminals to take complete control of the server, giving them full access to emails and calendars managed through this popular service. It has been estimated that hundreds of thousands of companies were affected also because after the initial attack by a single criminal group, a leak made it possible for dozens of other groups to use the same technique to target the companies still exposed. .