The Centre for Cybersecurity (CCB) has issued a warning of a major Russian cyber-attack currently under way using ransomware.
The attack is international, and so far some 200 businesses have been victims of an attack. Victims of a ransomware attack find their computer systems suddenly frozen. A message appears telling the victim to pay a certain amount of money – these days most usually in bitcoin – before the computer will be unlocked.
Ransomware attacks most commonly target businesses, less commonly government administrations, and least commonly private individuals. The professional hackers who carry out such attacks know where the returns are likely to be best, and that is not private citizens looking up the Weather Channel.
The current attack targets an ICT management tool known as Kaseya VSA, the CCB said. The software has certain vulnerabilities which allow it to be taken over, crippling not one machine but a whole network.
Users in Belgium have been alerted and warned to turn their systems off entirely, until their software is updated or the attack ends.
The attack began on the night of Friday to Saturday, and by yesterday 200 targets had been identified, in Argentina, Canada, Mexico, Spain, South Africa, Sweden, the UK and the USA.
One of the biggest victims of the new attack is the Swedish supermarket chain Coop. It has had to temporarily close 500 of its 800 stores in the country, because the cyber attack paralysed the cash registers.
One Belgian victim of the attack appears to be the Antwerp-based IT services provider ITxx, which yesterday sent out a press release saying that the emails and other data of the company and some 50 clients – mainly small businesses – had been frozen.
The company is now working with experts from the federal police’s Computer Crime Unit and the IT security company Secutec to find a solution.