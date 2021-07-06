BOSTON (AP) – The biggest global ransomware attack on record continued to claim victims on Monday, as more details emerged of how a Russian-linked gang took advantage of a software company to spread malware around the world.

Thousands of organizations – most of them companies that remotely manage the IT infrastructure of multiple customers – were infected in at least 17 countries during Friday’s attack. Kaseya, whose management software was hacked in the attack, said on Monday that the affected organizations included several who were just returning to work.

A wide range of businesses and government agencies have suffered, though few are large, cybersecurity firm Sophos said. The UK, South Africa, Canada, Argentina, Mexico, Indonesia, New Zealand and Kenya are among the affected countries, researchers say.

Given that the REvil group attack happened just at the start of the long weekend in the United States on July 4, many more victims are expected to emerge when they return to work on Tuesday.

REvil is known to extort $ 11 million last month from JBS, the world’s largest meat packer.

Cyber ​​security researchers said the ability to evade malware safeguards in this attack, and exploit a previously unknown vulnerability on Kaseya’s servers, reflects the growing financial strength of REvil and others. cyber-extortion gangs, whose success allows them to afford the best digital tools.

Ransomware criminals infiltrate and cripple networks by encrypting data. They then demand payment from their victims to give them a key that decrypts the content.

REvil demanded a ransom of $ 5 million from so-called managed service providers, its primary targets in the attack, and reportedly demanded significantly less – $ 45,000 – from affected customers.

But on Sunday evening, the REvil group offered a universal decoder on its dark web to restore the hijacked data of all victims of the Kaseya attack in exchange for $ 70 million in cryptocurrency. Some researchers viewed the offer as an advertising strategy; others think it indicates that criminals have more victims than they can handle.

Sweden could be the country most affected. Its Defense Minister Peter Hultqvist deplored in an interview “the fragility of the system in terms of computer security”. Most of the 800 stores of the Swedish food chain Coop closed for the third day in a row because their cash registers were hit. A chain of pharmacies, gas stations, state railways and the public broadcaster SVT were also affected by the attack.