Scale, details of massive Kaseya ransomware attack emerge

This file photo illustration shows a screen displaying the Darkside Onionsite address with a notice saying it could not be found. (AFP / OLIVIER DOULIERY)
Updated 05 July 2021

  • An affiliate of the notorious REvil gang infected thousands of victims in at least 17 countries on Friday, cybersecurity researchers say
  • Ransomware criminals break into networks and sow malware that cripples networks on activation. Victims get a decoder key when they pay up

BOSTON, US: Cybersecurity teams worked feverishly Sunday to stem the impact of the single biggest global ransomware attack on record, with some details emerging about how the Russia-linked gang responsible breached the company whose software was the conduit.
An affiliate of the notorious REvil gang, best known for extorting $11 million from the meat-processor JBS after a Memorial Day attack, infected thousands of victims in at least 17 countries on Friday, largely through firms that remotely manage IT infrastructure for multiple customers, cybersecurity researchers said. They reported ransom demands of up to $5 million.
The FBI said in a statement Sunday that it was investigating the attack along with the federal Cybersecurity and Infrastructure Security Agency, though “the scale of this incident may make it so that we are unable to respond to each victim individually.” Deputy National Security Adviser Anne Neuberger later issued a statement saying President Joe Biden had “directed the full resources of the government to investigate this incident” and urged all who believed they were compromised to alert the FBI.
Biden suggested Saturday the US would respond if it was determined that the Kremlin is at all involved.
The attack comes less than a month after Biden pressed Russian President Vladimir Putin to stop providing safe haven to REvil and other ransomware gangs whose unrelenting extortionary attacks the US deems a national security threat.
A broad array of businesses and public agencies were hit by the latest attack, apparently on all continents, including in financial services, travel and leisure and the public sector — though few large companies, the cybersecurity firm Sophos reported. Ransomware criminals break into networks and sow malware that cripples networks on activation by scrambling all their data. Victims get a decoder key when they pay up.
The Swedish grocery chain Coop said most of its 800 stores would be closed for a second day Sunday because their cash register software supplier was crippled. A Swedish pharmacy chain, gas station chain, the state railway and public broadcaster SVT were also hit.
In Germany, an unnamed IT services company told authorities several thousand of its customers were compromised, the news agency dpa reported. Also among reported victims were two big Dutch IT services companies — VelzArt and Hoppenbrouwer Techniek. Most ransomware victims don’t publicly report attacks or disclose if they’ve paid ransoms.
CEO Fred Voccola of the breached software company, Kaseya, estimated the victim number in the low thousands, mostly small businesses like “dental practices, architecture firms, plastic surgery centers, libraries, things like that.”
Voccola said in an interview that only between 50-60 of the company’s 37,000 customers were compromised. But 70 percent were managed service providers who use the company’s hacked VSA software to manage multiple customers. It automates the installation of software and security updates and manages backups and other vital tasks.
Experts say it was no coincidence that REvil launched the attack at the start of the Fourth of July holiday weekend, knowing US offices would be lightly staffed. Many victims may not learn of it until they are back at work on Monday. The vast majority of end customers of managed service providers “have no idea” what kind of software is used to keep their networks humming, said Voccola.
Kaseya said it sent a detection tool to nearly 900 customers on Saturday night.
John Hammond of Huntress Labs, one of the first cybersecurity firms to sound the alarm on the attack, said he’d seen $5 million and $500,000 demands by REvil for the decryptor key needed to unlock scrambled networks. The smallest amount demanded appears to have been $45,000.
Sophisticated ransomware gangs on REvil’s level usually examine a victim’s financial records — and insurance policies if they can find them — from files they steal before activating the data-scrambling malware. The criminals then threaten to dump the stolen data online unless paid. It was not immediately clear if this attack involved data theft, however. The infection mechanism suggests it did not.
“Stealing data typically takes time and effort from the attacker, which likely isn’t feasible in an attack scenario like this where there are so many small and mid-sized victim organizations,” said Ross McKerchar, chief information security officer at Sophos. “We haven’t seen evidence of data theft, but it’s still early on and only time will tell if the attackers resort to playing this card in an effort to get victims to pay.”
Dutch researchers said they alerted Miami-based Kaseya to the breach and said the criminals used a “zero day,” the industry term for a previously unknown security hole in software. Voccola would not confirm that or offer details of the breach — except to say that it was not phishing.
“The level of sophistication here was extraordinary,” he said.
When the cybersecurity firm Mandiant finishes its investigation, Voccola said he is confident it will show that the criminals didn’t just violate Kaseya code in breaking into his network but also exploited vulnerabilities in third-party software.
It was not the first ransomware attack to leverage managed services providers. In 2019, criminals hobbled the networks of 22 Texas municipalities through one. That same year, 400 US dental practices were crippled in a separate attack.
One of the Dutch vulnerability researchers, Victor Gevers, said his team is worried about products like Kaseya’s VSA because of the total control of vast computing resources they can offer. “More and more of the products that are used to keep networks safe and secure are showing structural weaknesses,” he wrote in a blog Sunday.
The cybersecurity firm ESET identified victims in at least 17 countries, including the United Kingdom, South Africa, Canada, Argentina, Mexico, Indonesia, New Zealand and Kenya.
Kaseya says the attack only affected “on-premise” customers, organizations running their own data centers, as opposed to its cloud-based services that run software for customers. It also shut down those servers as a precaution, however.
Kaseya, which called on customers Friday to shut down their VSA servers immediately, said Sunday it hoped to have a patch in the next few days.
Active since April 2019, REvil provides ransomware-as-a-service, meaning it develops the network-paralyzing software and leases it to so-called affiliates who infect targets and earn the lion’s share of ransoms. US officials say the most potent ransomware gangs are based in Russia and allied states and operate with Kremlin tolerance and sometimes collude with Russian security services.
Cybersecurity expert Dmitri Alperovitch of the Silverado Policy Accelerator think tank said that while he does not believe the Kaseya attack is Kremlin-directed, it shows that Putin “has not yet moved” on shutting down cybercriminals.
 


Oil Updates — crude slips on US stockpile build, Saudi Arabia price cuts

Updated 11 sec ago

TOKYO/SINGAPORE: Oil edged lower on Thursday after a build in US gasoline and diesel inventories and cuts to Saudi Arabia’s July prices for Asian crude buyers, with global economic uncertainty weighing on prices as well.

Brent crude futures fell 1 cent to $64.85 a barrel at 9:30 a.m. Saudi time. US West Texas Intermediate crude lost 11 cents, or 0.2 percent, dropping to $62.74 a barrel.

Oil prices closed around 1 percent lower on Wednesday after official data showed that US gasoline and distillate stockpiles grew more than expected, reflecting weaker demand in the world’s top economy.

Saudi Arabia, the world’s biggest oil exporter, cut its July prices for Asian crude buyers to nearly the lowest in four years.

“While the (Saudi) decrease was smaller than anticipated, it suggests demand is soft despite entering the peak demand period,” said ANZ analysts in a note.

The price cut by Saudi Arabia follows the OPEC+ move over the weekend to increase output by 411,000 barrels per day for July. OPEC+ is made up of members of the Organization of the Petroleum Exporting Countries and allies such as Russia.

Weak US economic data and ongoing developments in US-China trade relations also weighed on oil prices, said independent market analyst Tina Teng.

“Simply put, a gloomy global economic trajectory dimmed the demand outlook,” she said.

“Markets are cautiously watching for any progress in trade talks between the world’s two top economies.”

Data on Wednesday showed that the US services sector contracted for the first time in nearly a year in May while businesses paid higher prices for inputs, indicating the American economy remains in danger of slow growth and high inflation.

On the trade front, US President Donald Trump said on Wednesday that China’s Xi Jinping was tough and “extremely hard to make a deal with,” exposing friction between Beijing and Washington after the White House had raised expectations for a long-awaited Xi-Trump phone call this week.

Meanwhile, Canada prepared possible reprisals and the EU reported progress in trade talks as new US metals tariffs triggered more disruption in the global economy and added urgency to negotiations with Washington.

“Uncertainty fueled by President Trump’s shifting stance on tariffs has intensified fears of a global economic slowdown,” analyst Ole Hansen at Saxo Bank said in a note. 


Saudi Aramco lowers July oil prices for Asian markets

Updated 04 June 2025

RIYADH: Saudi Aramco has slashed its official selling price for crude oil destined for Asia in July, the company confirmed in an official statement on Wednesday.

The state-owned oil giant cut the price of its benchmark Arab Light crude by $0.20, setting it at $1.20 per barrel above the average of Oman and Dubai crude prices.

Saudi Aramco prices its crude oil across five density-based grades: Super Light (greater than 40), Arab Extra Light (36-40), Arab Light (32-36), Arab Medium (29-32), and Arab Heavy (below 29).

The company’s monthly pricing decisions impact the cost of around 9 million barrels per day of crude exported to Asia and serve as a pricing benchmark for other major regional producers, including Iran, Kuwait, and Iraq.

In the North American market, Aramco set the July OSP for Arab Light at $3.50 per barrel above the Argus Sour Crude Index.

Aramco determines its OSPs based on market feedback from refiners and an evaluation of crude oil value changes over the past month, taking into account yields and product prices.

Plans by OPEC+ producers to increase output by 411,000 barrels per day in July are also weighing on the market.

Yet, there was some support as wildfires reduced Canada’s production by some 344,000 bpd, according to Reuters calculations.

 


PIF-backed Lucid inks graphite supply deal to bolster US EV battery material sourcing

Updated 04 June 2025

RIYADH: Lucid Group, the electric vehicle manufacturer backed by Saudi Arabia’s Public Investment Fund, has signed a multiyear supply agreement with Graphite One to source natural graphite from the US.

The move is aimed at reinforcing the company’s domestic supply chain for battery production. The agreement aligns with Lucid’s broader strategy to secure critical raw materials domestically.

It follows similar deals with Graphite One and Syrah Resources as the company ramps up efforts to localize its EV production ecosystem.

According to the terms, the graphite will be supplied through Lucid’s battery cell partners for use in upcoming vehicle models.

Lucid is majority-owned by PIF, which holds a 60 percent stake, amounting to 1.77 billion shares. The partnership underscores the sovereign fund’s long-term commitment to advancing electric mobility as part of Saudi Arabia’s Vision 2030.

In September 2023, Lucid opened its first international manufacturing facility in King Abdullah Economic City. The plant currently produces 5,000 vehicles per year, with plans to scale up to 155,000 units annually. The expansion is expected to support Saudi Arabia’s ambitions to diversify its economy and become a regional hub for electric vehicle manufacturing.

“A supply chain of critical materials within the United States drives our nation’s economy, increases our independence against outside factors or market dynamics, and supports our efforts to reduce the carbon footprint of our vehicles,” said Marc Winterhoff, interim CEO at Lucid.

Under the latest deal, Lucid and its battery suppliers will begin receiving natural graphite from Graphite Creek, a deposit located near Nome, Alaska, starting in 2028. This builds on a prior agreement signed in 2024, in which Graphite One will provide synthetic graphite from its proposed anode materials facility in Warren, Ohio — also set to begin production in 2028.

“This agreement complements the deal we struck with Lucid in 2024 — which marked the first synthetic graphite agreement between a US graphite developer and a US EV company,” said Anthony Huston, CEO of Graphite One.

He added: “We made history then — and we’re continuing to make history now as we build momentum for our efforts to develop a fully domestic graphite supply chain, to meet market demands and strengthen US industry and national defense.”

Lucid is also expected to receive natural graphite active anode material from Syrah Resources starting in 2026, as part of its ongoing diversification of supply sources.

In a further boost to its financial position, Lucid closed a $1.1 billion offering of convertible senior notes in April, due in 2030. The announcement came shortly after the company reported first-quarter deliveries of 3,109 vehicles — a 58 percent increase year on year.


Closing Bell: Saudi main index closes in green before Eid holidays 

Updated 04 June 2025

RIYADH: Saudi Arabia’s Tadawul All Share Index climbed on Wednesday, gaining 172.1 points, or 1.59 percent, to close at 11,004.53. 

The total trading turnover on the benchmark index was SR4.61 billion ($1.23 billion), with 191 listed stocks advancing and 50 declining.

The Kingdom’s parallel market Nomu surged by 257.9 points to close at 27,307.74. 

Meanwhile, the MSCI Tadawul Index edged up by 1.67 percent to 1,406.49.  

The best-performing stock on the main market was Saudi Industrial Investment Group, with its share price surging 7.03 percent to SR17.36. 

The share price of ACWA Power Co. also rose by 6.72 percent to SR269.80.  

Al-Babtain Power and Telecommunication Co. saw its stock price increase by 5.40 percent to SR5.40. 

Conversely, the share price of Saudi Steel Pipe Co. fell by 6.33 percent to SR56.20. 

Saudi Research and Media Group also saw a dip, with its share price easing 2.26 percent to SR127. 

On the announcements front, Saudi National Bank completed its offer of Saudi riyal-denominated Additional Tier 1 sukuk, with the settlement finalized on June 3. 

According to a statement on the Saudi Exchange dated May 11, the issuance was conducted through a private offer to eligible investors in the Kingdom. The total value of the sukuk offering amounted to SR1.73 billion. 

The bank issued 1,730 sukuk, each with a par value of SR1 million. The sukuk will offer an annual return of 6 percent from the issue date until June 3, 2030. 

The share price of Saudi National Bank increased by 0.88 percent to close at SR34.45. 

The announcement coincided with the implementation of the unified regulation for cross-border registration of investment funds among Gulf Cooperation Council countries, which came into effect in 2025, according to the Capital Market Authority. 

The regulation outlines requirements for registering and marketing investment funds across GCC countries and introduces a dedicated regulatory guide. 

It aims to clarify procedures for handling both local and Gulf-based funds, enhance financial market services, and reduce regulatory challenges. 

Additionally, the framework seeks to support mechanisms that attract international investments to the Saudi financial market and boost foreign ownership in investment funds. 

The broader goal is to improve liquidity in regional financial markets, enhance the competitiveness of GCC economies, and foster integration by unifying the policies and systems governing domestic, regional, and foreign investment activities. 

The regulation also aims to ensure a transparent and stable investment environment. 

Under the framework, the legislative committee in each host country will have the authority to set standards for approving fund registrations and supervising funds within its jurisdiction, including overseeing the appointed agent and their interactions with investors. 

Cross-border registration must be conducted through the capital market authorities of both the fund’s country of origin and the host country. 

The regulation allows investment funds established in any GCC member state to be promoted in other countries applying the framework. 

It also outlines the process for offering Saudi funds in Gulf markets, with a focus on aligning with regulatory review mechanisms and cross-border registration requirements to ensure full compliance with approved guidelines. 


Saudi POS spending hits $4bn pre-Adha, fueled by increased spending across all sectors 

Updated 04 June 2025

RIYADH: Saudi Arabia’s point-of-sale transactions climbed 33 percent to SR15.5 billion ($4.15 billion) in the week preceding Eid Al-Adha, driven by increased spending across all sectors. 

The latest data from the Saudi Central Bank, also known as SAMA, showed that the clothing and footwear sector led the growth seen in the week ending May 31, registering the largest jump in transaction value, up 72.7 percent to SR1.2 billion. 

The sector also saw a 61.6 percent rise in the number of transactions, reaching 8.6 million. 

The education sector followed, recording a 61.6 percent increase in transaction value to SR242.1 million. Telecommunication spending ranked next, rising 44.5 percent to SR136.2 million, with transactions up 19.9 percent to 2.1 million. 

Food and beverages — the sector with the biggest share of total POS value — recorded a 34.2 percent increase to SR2.2 billion. 

Transportation spending rose 29.7 percent to SR898.8 million, while restaurants and cafes saw a 24.3 percent increase, totaling SR2 billion and claiming the second-biggest share of this week’s POS. 

The smallest spending gains were in hotels, rising by 9 percent to SR207.5 million, and construction and building materials, which increased by 12.9 percent to SR267.6 million. 

Health outlays rose by 28.4 percent to reach SR952.8 million, while the public utilities sector increased by 29.1 percent to SR55.3 million. 

Spending on electronics followed the trend, rising 23.1 percent to SR187.2 million, and recreation and culture rose 42.5 percent to SR324.3 million. 

Miscellaneous goods and services claimed the third-largest share of total transactions value, with an uptick of 34.4 percent to SR1.9 billion. 

The top three categories — food and beverages, miscellaneous goods and services, and clothing and footwear — accounted for 39.9 percent of the week’s total spending, amounting to SR6.2 billion. 

Geographically, Riyadh dominated POS transaction value, with expenses in the capital reaching SR5.4 billion, a 42.7 percent increase from the previous week. 

Jeddah followed with a 27.7 percent rise to SR2.1 billion, while Dammam ranked third, up 25.1 percent to SR776.5 million. 

Hail saw the biggest weekly increase in transaction value, rising 52.6 percent to SR262.6 million, followed by Tabuk with a 51.3 percent uptick to SR323.6 million. 

Hail recorded 4.3 million deals in transaction volume, up 24.7 percent, while Tabuk reached 5.2 million transactions, rising 21.1 percent.