Scale, details of massive Kaseya ransomware attack emerge

1 / 2
This file photo illustration shows a screen displaying the Darkside Onionsite address with a notice saying it could not be found. (AFP / OLIVIER DOULIERY)
Short Url
Updated 05 July 2021
Follow

Scale, details of massive Kaseya ransomware attack emerge

  • An affiliate of the notorious REvil gang infected thousands of victims in at least 17 countries on Friday, cybersecurity researchers say
  • Ransomware criminals break into networks and sow malware that cripples networks on activation. Victims get a decoder key when they pay up

BOSTON, US: Cybersecurity teams worked feverishly Sunday to stem the impact of the single biggest global ransomware attack on record, with some details emerging about how the Russia-linked gang responsible breached the company whose software was the conduit.
An affiliate of the notorious REvil gang, best known for extorting $11 million from the meat-processor JBS after a Memorial Day attack, infected thousands of victims in at least 17 countries on Friday, largely through firms that remotely manage IT infrastructure for multiple customers, cybersecurity researchers said. They reported ransom demands of up to $5 million.
The FBI said in a statement Sunday that it was investigating the attack along with the federal Cybersecurity and Infrastructure Security Agency, though “the scale of this incident may make it so that we are unable to respond to each victim individually.” Deputy National Security Adviser Anne Neuberger later issued a statement saying President Joe Biden had “directed the full resources of the government to investigate this incident” and urged all who believed they were compromised to alert the FBI.
Biden suggested Saturday the US would respond if it was determined that the Kremlin is at all involved.
The attack comes less than a month after Biden pressed Russian President Vladimir Putin to stop providing safe haven to REvil and other ransomware gangs whose unrelenting extortionary attacks the US deems a national security threat.
A broad array of businesses and public agencies were hit by the latest attack, apparently on all continents, including in financial services, travel and leisure and the public sector — though few large companies, the cybersecurity firm Sophos reported. Ransomware criminals break into networks and sow malware that cripples networks on activation by scrambling all their data. Victims get a decoder key when they pay up.
The Swedish grocery chain Coop said most of its 800 stores would be closed for a second day Sunday because their cash register software supplier was crippled. A Swedish pharmacy chain, gas station chain, the state railway and public broadcaster SVT were also hit.
In Germany, an unnamed IT services company told authorities several thousand of its customers were compromised, the news agency dpa reported. Also among reported victims were two big Dutch IT services companies — VelzArt and Hoppenbrouwer Techniek. Most ransomware victims don’t publicly report attacks or disclose if they’ve paid ransoms.
CEO Fred Voccola of the breached software company, Kaseya, estimated the victim number in the low thousands, mostly small businesses like “dental practices, architecture firms, plastic surgery centers, libraries, things like that.”
Voccola said in an interview that only between 50-60 of the company’s 37,000 customers were compromised. But 70 percent were managed service providers who use the company’s hacked VSA software to manage multiple customers. It automates the installation of software and security updates and manages backups and other vital tasks.
Experts say it was no coincidence that REvil launched the attack at the start of the Fourth of July holiday weekend, knowing US offices would be lightly staffed. Many victims may not learn of it until they are back at work on Monday. The vast majority of end customers of managed service providers “have no idea” what kind of software is used to keep their networks humming, said Voccola,
Kaseya said it sent a detection tool to nearly 900 customers on Saturday night.
John Hammond of Huntress Labs, one of the first cybersecurity firms to sound the alarm on the attack, said he’d seen $5 million and $500,000 demands by REVil for the decryptor key needed to unlock scrambled networks. The smallest amount demanded appears to have been $45,000.
Sophisticated ransomware gangs on REvil’s level usually examine a victim’s financial records — and insurance policies if they can find them — from files they steal before activating the data-scrambling malware. The criminals then threaten to dump the stolen data online unless paid. It was not immediately clear if this attack involved data theft, however. The infection mechanism suggests it did not.
“Stealing data typically takes time and effort from the attacker, which likely isn’t feasible in an attack scenario like this where there are so many small and mid-sized victim organizations,” said Ross McKerchar, chief information security officer at Sophos. “We haven’t seen evidence of data theft, but it’s still early on and only time will tell if the attackers resort to playing this card in an effort to get victims to pay.”
Dutch researchers said they alerted Miami-based Kaseya to the breach and said the criminals used a “zero day,” the industry term for a previous unknown security hole in software. Voccola would not confirm that or offer details of the breach — except to say that it was not phishing.
“The level of sophistication here was extraordinary,” he said.
When the cybersecurity firm Mandiant finishes its investigation, Voccola said he is confident it will show that the criminals didn’t just violate Kaseya code in breaking into his network but also exploited vulnerabilities in third-party software.
It was not the first ransomware attack to leverage managed services providers. In 2019, criminals hobbled the networks of 22 Texas municipalities through one. That same year, 400 US dental practices were crippled in a separate attack.
One of the Dutch vulnerability researchers, Victor Gevers, said his team is worried about products like Kaseya’s VSA because of the total control of vast computing resources they can offer. “More and more of the products that are used to keep networks safe and secure are showing structural weaknesses,” he wrote in a blog Sunday.
The cybersecurity firm ESET identified victims in least 17 countries, including the United Kingdom, South Africa, Canada, Argentina, Mexico, Indonesia, New Zealand and Kenya.
Kaseya says the attack only affected “on-premise” customers, organizations running their own data centers, as opposed to its cloud-based services that run software for customers. It also shut down those servers as a precaution, however.
Kaseya, which called on customers Friday to shut down their VSA servers immediately, said Sunday it hoped to have a patch in the next few days.
Active since April 2019, REvil provides ransomware-as-a-service, meaning it develops the network-paralyzing software and leases it to so-called affiliates who infect targets and earn the lion’s share of ransoms. US officials say the most potent ransomware gangs are based in Russia and allied states and operate with Kremlin tolerance and sometimes collude with Russian security services.
Cybersecurity expert Dmitri Alperovitch of the Silverado Policy Accelerator think tank said that while he does not believe the Kaseya attack is Kremlin-directed, it shows that Putin “has not yet moved” on shutting down cybercriminals.
 


Saudi Arabia unveils 2nd phase of industrial incentives to attract high-value investment 

Updated 23 June 2025
Follow

Saudi Arabia unveils 2nd phase of industrial incentives to attract high-value investment 

  • Initiative extends beyond traditional financing to include direct grants
  • Kingdom works to position itself as a regional and global industrial hub

RIYADH: Saudi Arabia has launched the second phase of its standardized industrial incentives program, aimed at boosting competitiveness and strengthening the Kingdom’s trade balance, a senior official said. 

Speaking at the Saudi Industry Forum in Dhahran, Khalil Ibn Salamah, deputy minister of industry and mineral resources for industrial affairs, said the initiative supports the government’s efforts to drive high-value investments in priority sectors. 

This comes as Saudi Arabia works to position itself as a regional and global industrial hub. Since its initial launch, the program has drawn more than 1,000 investors. Of the 118 applications received, 12 have reached the final qualification stage. 

In his remarks, Ibn Salamah said: “It gives me great pleasure to announce the launch of the second batch of standardized incentives under this transformative program.” 

He added: “Investors will be able to invest and apply for these new standardized incentives at the beginning of August.”

Khalil Ibn Salamah, deputy minister of industry and mineral resources for industrial affairs, speaking at the Saudi Industry Forum in Dhahran. X/@sif_2030

The initiative, described as one of the most important in the Kingdom’s industrial history, extends beyond traditional financing to include direct grants. 

These are designed to support factories producing critical goods that are currently imported and not manufactured locally. 

Eligible investors under the program may receive up to SR50 million, or 35 percent of the total investment value — whichever is higher. 

The deputy minister emphasized the growing role of the private sector in shaping and implementing the National Industrial Strategy, which aims to expand domestic production and promote economic diversification. 

“The partnership with the private sector has been a cornerstone in shaping the National Industrial Strategy, and it continues to grow steadily to ensure we meet the goals of our national industrial ambitions. The industrial investor remains an indispensable partner in our development efforts,” he said. 

Saudi Arabia currently oversees 61 industrial cities across the Kingdom. Of these, 37 are supervised by the Saudi Authority for Industrial Cities and Technology Zones, also known as MODON, while 18 are private and integrated industrial cities.

Another four are managed by the Royal Commission for Jubail and Yanbu, and several others fall under the Special Economic Zones Authority, including OXAGON in NEOM. 

These zones span more than 2 trillion sq. meters, with over 500 million sq. meters already developed or under development. Infrastructure investments across these sites have exceeded SR31 billion, with an expected return of eight to 12 times for every riyal spent. 

“This program has already had a significant positive impact this year and is expected to continue doing so in the years to come,” Ibn Salamah noted. 

The deputy minister said Saudi Arabia is currently overseeing over 1,900 industrial projects with investments totaling SR380 billion, nearly half of which are based in the Eastern Province. 

He noted that conversion industries are expected to account for between 30 and 40 percent of the National Industrial Strategy’s overall targets, underlining their central role in expanding the Kingdom’s industrial base. 

He further highlighted the role of the “Wafrah” program in boosting local consumption of polypropylene, reporting over 40 percent growth and 27 percent utilization of existing capacities. 

Ibn Salamah stated that they are working with the Ministry of Energy to include 20 new materials in the program by 2025, which will significantly impact downstream industries. 

The National Industrial Strategy is built around four core enablers supported by over 140 initiatives.

These include maximizing the value of natural resources, securing the availability of raw materials, enhancing the Kingdom’s exports, and developing specialized industrial clusters. 

It also seeks to empower small and medium-sized factories by encouraging the adoption of advanced manufacturing technologies.

In parallel, the government aims to increase the industrial sector’s contribution to the gros domestic product while reinforcing the resilience and efficiency of local supply chains. 

Chemicals sector drives growth 

During a panel discussion, Fahad Al-Jubairy, assistant deputy minister for sectoral strategies and regulation at the Ministry of Industry and Mineral Resources, said the chemicals sector represents one of the most vital components of the national economy and is expected to account for more than half of the total economic impact projected by the National Industrial Strategy by 2035. 

“The chemicals sector is a vital and strategic component of the national economy. It is one of the twelve key sectors targeted by the National Industrial Strategy — and indeed, it is considered the most critical due to its projected economic impact,” he said. 

The forum featured several key announcements aimed at accelerating industrial growth and localization. X/@sif_2030

According to Al-Jubairy, Saudi Arabia aims to multiply the output of specialty and downstream chemicals by four to five times, while boosting the production of basic and intermediate chemicals by over 12 million tons annually over the next decade. 

He also emphasized that the chemicals sector is foundational to the development of other industries such as automotive, aviation, construction, and advanced materials — all of which stand to benefit from the availability of locally produced value-added chemical products. 

“The growth of the chemicals sector will position the Kingdom where it truly belongs among the world’s leading economies — particularly within the G20 — by reinforcing its global leadership across various products and industries, especially petrochemicals,” Al-Jubairy said. 

He further noted that the sector’s growth will contribute significantly to job creation, increase industrial competitiveness, and open new investment opportunities for entrepreneurs, particularly in small and medium-sized enterprises. 

New industrial projects 

The forum featured several key announcements aimed at accelerating industrial growth and localization. 

Two industrial complexes were inaugurated in the Eastern Province. The first, in Dammam Third Industrial City, will enhance service availability and integration with neighboring industrial zones and export outlets. The second, in Jubail Second Industrial City, targets high-value investments in the chemicals sector and strengthens links with upstream and intermediate feedstock sources. 

Both fall under the Specialized Industrial Complexes Initiative, which supports economic diversification, local content, and job creation by attracting advanced manufacturing investments. 

A strategic partnership was also announced to establish Saudi Arabia’s first tinplate manufacturing plant, in collaboration between the National Industrial Co. and China’s Shanghai Donghexin Group. 

Additionally, MODON signed major industrial agreements, including a SR40 million contract with Abdullah Al-Shuwayer Sons Heavy Metal Industries, a SR35 million lease with Al-Sharq Polystyrene Factory, and a SR20 billion investment deal with Al Marje Al Hayawi Co. Ltd. 


Saudi crude output inches up to 9m bpd: JODI

Updated 23 June 2025
Follow

Saudi crude output inches up to 9m bpd: JODI

  • Direct domestic use of crude for power and industry slipped to 377,000 bpd, a decline of 1.6%
  • Crude intake fell 17.22% to 1.84 million bpd

RIYADH: Saudi Arabia pumped 9 million barrels per day of crude in April, a 0.54 percent month-on-month increase, according to the latest data from the Joint Organizations Data Initiative.

Crude exports rose to 6.17 million bpd, up 7.16 percent from March, the data showed.

Direct domestic use of crude for power and industry slipped to 377,000 bpd, a decline of 1.6 percent versus the previous month and 6 percent below the April 2024 tally.

Demand from local refineries also eased. Crude intake fell 17.22 percent to 1.84 million bpd.

JODI, a platform overseen by the International Energy Forum, compiles monthly oil statistics supplied voluntarily by national governments. The Kingdom’s figures are published with a roughly two-month lag, providing one of the few publicly available windows into Saudi production, exports, and domestic consumption patterns.

For much of the period between 2020 and 2024, the wider OPEC+ alliance had been restraining supplies to shore up prices, beginning with the record 9.7 million-bpd collective cut agreed in April 2020 at the height of the pandemic and tapering only gradually through April 2022.

Additional curbs followed, with the group instituting a 2 million bpd reduction in October 2022 and layered on a series of voluntary cuts totaling 1.6 to 2.2 million bpd from May 2023, moves that remained in force into early 2025.

In a shift of strategy, OPEC+ members agreed in early May to bring back barrels in stages, scheduling incremental increases for May, June, and July and signaling room for a further 2.2 million bpd to return by November if market conditions allow.

A separate market context came from the June Monthly Oil Market Report issued by OPEC on June 16, in which the producer group said the global economy “has outperformed expectations” in the first half of 2025 and should remain resilient in the second half.

OPEC kept its forecasts for oil demand growth in 2025 and 2026 unchanged but trimmed its projection for non-OPEC+ supply growth in 2026 to 730,000 bpd, 70,000 bpd lower than the previous month, citing plateauing US shale output.

Geopolitical risk also featured prominently in late-June trading. Iran’s parliament approved a bill to shut the Strait of Hormuz, the 33-km wide passageway that carries close to one-fifth of the world’s crude exports.

Tanker-tracking data compiled by Reuters shows supertankers making U-turns, idling near the Gulf, or zigzagging to avoid the choke point as companies rush to limit their exposure. In response, freight rates for the largest vessels more than doubled, and Brent crude hit a five-month high.

A full closure — still subject to sign-off by Iran’s higher supervisory bodies — would force Gulf exporters to divert cargoes around Africa or rely on overland pipelines, moves that analysts say could squeeze near-term supply and push oil prices sharply higher. The Strait routinely handles about 20 percent of globally traded oil, underlining why even the threat of disruption can jolt energy markets.


Closing Bell: TASI rises 1.3% as market breadth remains positive 

Updated 23 June 2025
Follow

Closing Bell: TASI rises 1.3% as market breadth remains positive 

  • MSCI Tadawul 30 Index climbed 1.16% to close at 1,377.63
  • Parallel market Nomu ended 0.80% higher at 26,358.07

RIYADH: Saudi Arabia’s Tadawul All Share Index rose 1.29 percent to close at 10,710.24 on Monday, supported by broad-based gains across sectors. 

Trading activity remained healthy, with turnover hitting SR4 billion ($1 billion) and the market recording 225 advancers versus 20 decliners.

The MSCI Tadawul 30 Index also climbed 1.16 percent to close at 1,377.63. The parallel market Nomu ended 0.80 percent higher at 26,358.07.

Red Sea International Co. led the main market gainers with a 9.97 percent jump to SR38.60. Al-Rajhi Co. for Cooperative Insurance followed with an 8.86 percent gain to close at SR113. 

Other top performers included National Gypsum Co., which rose 7.61 percent to SR19.52; Americana Restaurants International, up 6.86 percent at SR2.18; and Naseej International Trading Co., which added 6.53 percent to reach SR78.30. 

On the downside, Sustained Infrastructure Holding Co. was the biggest decliner, falling 3.07 percent to SR25.30. 

Alistithmar AREIC Diversified REIT Fund dropped 1.58 percent to SR8.12, while Eastern Province Cement Co. slipped 1.17 percent to SR29.50. 

Other notable fallers included Knowledge Economic City, down 0.92 percent at SR12.86, and Saudi Industrial Investment Group, which closed 0.71 percent lower at SR16.70. 

On the announcement front, Etihad Atheeb Telecommunications Co., known as GO Telecom, confirmed the completion of its acquisition of a 51 percent stake in Ejad Tech for Information Technology.

The deal, valued at SR86.7 million, was finalized using internal company resources. The group stated that SR40 million was paid upon signing, with the remaining SR46.7 million to be disbursed in two instalments contingent upon target achievements — SR23.7 million by the end of 2025 and SR23 million by the end of 2026. 

GO Telecom said the acquisition is part of a strategic initiative to broaden its business base and enter new sectors. Ejad Tech is recognized as one of the top five digital transformation service providers in the Middle East. 

GO Telecom shares closed up 0.98 percent at SR93.10. 


Digital transformation to boost Saudi industrial productivity by up to 25%, says Aramco CEO 

Updated 23 June 2025
Follow

Digital transformation to boost Saudi industrial productivity by up to 25%, says Aramco CEO 

  • Amin Nasser said effective integration of digital technologies could increase Kingdom’s industrial productivity by 15%
  • He was speaking during the Saudi Industry Forum in Dhahran

RIYADH: Integrating digital technologies is set to increase Saudi Arabia’s industrial productivity by 15 to 25 percent, according to Aramco President and CEO Amin Nasser. 

Speaking during the Saudi Industry Forum in Dhahran, Nasser stated that the Kingdom’s shift into a new industrial era calls for an increased focus on digital transformation and the need to align it with proactive cybersecurity strategies. 

This comes as Saudi Arabia works to solidify its position as a regional and global digital powerhouse, backed by major advances in artificial intelligence, data centers, e-government, and human capital development.  

The Kingdom has emerged as the Middle East and North Africa’s largest digital economy, with a market value exceeding SR495 billion ($131.9 billion) in 2024 — equivalent to 15 percent of its gross domestic product, according to figures from the Ministry of Communications and Information Technology.  

In his remarks, Nasser said: “Preliminary estimates suggest that effective integration of digital technologies could increase Saudi Arabia’s industrial productivity by 15 percent to 25 percent.”  

The Saudi Industry Forum 2025 is sponsored by Eastern Province Governor Prince Saud bin Naif bin Abdulaziz. X/@sif_2030

He added: “Thanks to successive technological developments, industries will emerge over the next 10 years dominated by advanced technologies to a degree we have never seen before.” 

Nasser noted that the world is undergoing profound geopolitical shifts and intensifying competition across technological, industrial, and economic domains — trends that are accelerating the transformation of Saudi Arabia’s industrial landscape. 

He emphasized the need to prepare for this future, particularly as the Kingdom continues to invest in artificial intelligence, the Internet of Things, robotics, and automation. 

These technologies, he explained, are aimed at more than just optimizing factory operations; they are vital for enhancing industrial productivity and ensuring operational reliability. 

“At Aramco, we are working to establish a digital infrastructure that becomes an integral part of empowering the industrial sector,” Nasser said, adding: “This includes the launch of Aramco Digital Company, as well as a 450 MHz private wireless network dedicated to industrial use by the private sector.” 

He continued: “Aramco Digital has also introduced an edge artificial intelligence service — AI on the Edge — designed for critical industrial facilities and complex applications, such as crowd management during Hajj.” 

In the cybersecurity sphere, Aramco established Cyberani in 2021, a company focused on delivering industrial-grade solutions and software protection technologies. 

“Aramco is working on projects to develop artificial intelligence platforms, data centers, and smart industrial complexes,” Nasser said. 

He warned of the risks accompanying digital advancement, stating: “A technical malfunction or external interference through digital systems or control platforms could impact operations and disrupt the performance of industrial and economic facilities — especially those that do not invest sufficiently in digital protection.” 

Highlighting the human element in digital security, he stated: “The most critical aspect of proactive protection systems is the development of human capabilities and deep expertise.” 

Nasser concluded by stressing the importance of localizing digital supply chains and enhancing technological resilience. 

“Building future Saudi industries supported by flexible supply chains, competitive costs, and excellence in artificial intelligence is essential and highly important — but it is not enough unless it is accompanied by proactive investment in digital protection,” he said. 

The Saudi Industry Forum 2025, held from June 23–25 at the Dhahran International Exhibition Center, is sponsored by Eastern Province Governor Prince Saud bin Naif bin Abdulaziz. 

The event aims to elevate the Kingdom’s industrial sector in alignment with Saudi Vision 2030, which seeks to diversify income sources and increase the sector’s contribution to the gross domestic product. 


Egypt records 77% rise in remittances over 10 months

Updated 23 June 2025
Follow

Egypt records 77% rise in remittances over 10 months

  • Between January and April, remittance inflows rose 72.3% year on year to $12.4 billion
  • Annual urban headline inflation rate accelerated to 16.8% in May, up from 13.9% in April

RIYADH: Remittances from Egyptians working abroad rose by more than 77 percent in the first 10 months of the 2024-25 fiscal year, reaching a record $29.4 billion.

Between January and April alone, remittance inflows rose 72.3 percent year on year to $12.4 billion, official data from Egypt’s central bank showed.

The sharp increase underscores growing confidence among expatriates in the country’s financial system and reflects a broader improvement in Egypt’s external financial position.

The Central Bank of Egypt attributed the surge to recent measures aimed at stabilizing the exchange rate and encouraging the use of formal remittance channels.

The impact of these policies is also evident in the rise of Egypt’s net international reserves, which climbed to $48.5 billion at the end of May, up from $47.8 billion in March.

In a statement, the central bank noted: “On a monthly basis, remittances in April 2025 increased by 39 percent year on year, reaching approximately $3 billion, compared to $2.2 billion in the same month last year.”

The Central Bank of Egypt attributed the surge to recent measures aimed at stabilizing the exchange. File/Reuters

The rebound in remittance flows comes amid broader economic reforms pursued under an International Monetary Fund-backed stabilization program. These reforms have bolstered Egypt’s foreign currency position and helped attract more international capital.

In May, Prime Minister Mostafa Madbouly announced that Egypt recorded real gross domestic product growth of 3.9 percent during the first half of the fiscal year. Private sector investment surged by 80 percent, while foreign direct investment rose by around 17 percent.

Inflation, however, remains a key challenge. The annual urban headline inflation rate accelerated to 16.8 percent in May, up from 13.9 percent in April, driven largely by continued pressure on non-food prices.

These inflation trends come as Egypt’s broader economic landscape continues to be shaped by both domestic and global pressures. The government is navigating a delicate recovery amid external shocks, ongoing structural reforms, and efforts to manage public debt.  

In February, Moody’s affirmed Egypt’s “Caa1” long-term foreign and local currency ratings with a positive outlook, citing improved debt servicing capacity, higher reserves, and falling borrowing costs.  

The ratings agency noted that recent currency devaluation and flotation helped boost foreign exchange reserves and reduce debt vulnerabilities. While a “Caa1” rating denotes high credit risk, the positive outlook reflects the government’s efforts to control inflation and stabilize interest rates.