Jul 7, 2021

Axios Login

It's never been easier to report a tech company for a potential antitrust violation. Just go to the FTC's home page, pan over to "I would like to ..." and scroll down.

Today's newsletter is 1,359 words, or a 5-minute read.

1 big thing: The ransomware-attack leaderboard

Illustration: Sarah Grillo/Axios

The July 4 weekend's Kaseya ransomware attack was huge — but while some experts and lawmakers are calling it "the biggest ever" or "largest ransomware attack in history," it's too soon to award that title, Axios' Scott Rosenberg and I report.

Ranking these incidents is tricky, since the cybersecurity world has no single yardstick for measuring or comparing the size of attacks.

You can size up these attacks by:

  • the number of victims, which might be individuals or companies and organizations of varying sizes;
  • the estimated economic cost in lost data, lost network time and other disruptions;
  • or the amount of ransom paid.

To gauge how "big" an attack is, Randy Watkins, CTO at Criticalstart, recommends looking at "multiple cross-sections between ransom amount, number of infected machines, number of infected organizations and the criticality of the organizations affected."

Yes, but: These numbers change as new information comes to light. Sometimes the public and even the targeted companies never get a complete picture.

How it worked: Kaseya sells remote management tools to service providers who use it to manage companies' systems.

  • The attackers, who have been widely identified as the Russia-connected REvil group, infected Kaseya's tools, which in turn transmitted malicious code to downstream companies, locking them out of their data and systems.
  • On Tuesday, Kaseya said it believes the attack "directly compromised" "fewer than 60" of its service provider customers, and "fewer than 1,500" companies who were those service providers' customers — ranging from small businesses to a Swedish supermarket chain with hundreds of stores.

REvil started by asking for a reported $45,000 in Bitcoin from each affected company. Then it demanded a lump-sum $70 million to provide one key that would free all the affected firms' systems. Then it lowered that demand to $50 million.

  • The switch to a wholesale approach, some analysts suggested, showed that the attackers couldn't handle managing the sheer volume of individual cases.

What they're saying: "Ransom size, victim number, victim size, brand damage are increasing exponentially," said Danny Clayton, vice president of global services at Bitdefender.

  • "Most ransomware attacks go unreported," he said, "so to help understand the magnitude of a cyber-event, look at the organizations taking notice." In this case, that would be President Biden, the FBI and the Cybersecurity and Infrastructure Security Agency.

The big picture: Kaseya is the latest in a flood of ransomware attacks that have plagued U.S. companies in recent weeks.

Flashback: In 2017, the Wannacry ransomware attack, widely attributed to North Korea-based hackers, infected hundreds of thousands of computers running Microsoft Windows.

One link connecting nearly all these incidents is Russia.

  • Russia disclaims any responsibility for the current ransomware epidemic, but U.S. experts and leaders see the Kremlin's fingerprints in most of these exploits.
  • The Kaseya attack has raised new calls for the Biden administration to get tough with Russia.
2. RNC contractor hit in separate cyber attack

Illustration: Brendan Lynch/Axios

A Republican National Committee contractor was breached over the past week, in an attack also being attributed to Russia, Axios' Oriana Gonzalez and I report.

Why it matters: Attacking political parties has become a staple of Russian cybercraft and has a number of potential benefits, including sowing discord, gaining access to valuable information and potentially providing opportunities for blackmail.

What they're saying: It is unclear what, if any, information the Cozy Bear hackers found. Danielle Alvarez, the GOP communications director, released a statement saying that while Microsoft had informed the organization that its systems may had been exposed, "no RNC data was accessed."

  • "Over the weekend, we were informed that Synnex, a third party provider, had been breached," RNC chief of staff Richard Walters said in a statement. "We immediately blocked all access from Synnex accounts to our cloud environment."

Zoom out: Cozy Bear, also known as APT 29, has been tied to the Russian foreign intelligence service and accused of breaching the Democratic National Committee in 2016 as well as carrying out a supply-chain cyberattack involving SolarWinds Corp., which infiltrated nine U.S. government agencies.

  • U.S. and U.K. intelligence agencies said in a report Thursday that Russian military hackers over the last three years have tried to access the computer networks of "hundreds of government and private sector targets worldwide" and warned that those "efforts are almost certainly still ongoing."
3. Pentagon cancels JEDI cloud contract

The Department of Defense announced Tuesday it was canceling the massive cloud computing contract awarded to Microsoft in 2019, saying the controversial deal "no longer meets its needs," Axios' Yacob Reyes reports.

Why it matters: The JEDI contract was the largest-ever of its kind, with an estimated value of roughly $10 billion over a 10-year stretch. The deal, initially intended to modernize the Pentagon's IT operations, was the subject of a drawn-out legal battle with Amazon and Microsoft.

  • Amazon filed a lawsuit in 2019 claiming that former President Trump had a bias against CEO Jeff Bezos that influenced the Pentagon's decision to award the contract to Microsoft.
  • The Pentagon reaffirmed its decision to award the contract to Microsoft in September 2020.

What they're saying: "One contract has never, and will never, define our relationship with the DoD or any customer. Our decades-long partnership with the DoD will continue," Microsoft said in a statement.

What to watch: In a press release, the Pentagon said it is still seeking an enterprise-scale cloud capability and announced a new multivendor contract, which both Microsoft and Amazon will be asked to bid for.

4. China cracks down on its own tech companies

Illustration: Sarah Grillo/Axios

U.S. tech companies for years have grumbled about how the Chinese government favored its homegrown heroes, largely shielding them from global competition. Now, though, China is turning on its own Big Tech companies, reminding them who's boss, Axios' Dan Primack reports.

Why it matters: China's moves complicate U.S. IPO plans for dozens of Chinese companies, and potentially could impact the value of even more Chinese unicorns.

Driving the news: China on Sunday banned DiDi from app stores, just days after the ride-hail giant went public on the NYSE at a $73 billion valuation.

  • WSJ reports that Chinese regulators privately urged DiDi to delay its IPO, which the company neither did nor disclosed.
  • DiDi shares were down more than 24% at this morning's market open, representing around $18 billion in lost market value.
  • Chinese regulators also disclosed cybersecurity investigations into several other companies, including recent U.S. IPO issuer Full Truck Alliance, blocking them from registering new users.
  • There are new reports that Weibo (Nasdaq: WB) is considering a take-private plan amid the crackdown, although the social media company is saying it's untrue.

Flashback: Chinese regulators successfully scuttled an IPO for Ant Financial late last year, just days before it was set to price, albeit for different official reasons.

  • The big difference between then and now is that, by letting DiDi and others go public before bringing down the regulatory hammer, China is putting a chill on foreign investor interest in future Chinese tech IPOs.
5. Take note

Trading Places

  • ServiceNow named Jacqui Canney as chief people officer. Canney comes from ad giant WPP where she held a similar role.
  • 28-year Intel veteran Shlomit Weiss is rejoining the company to head all consumer chip development, Tom's Hardware reported. Weiss has spent the last four years as a senior VP at Mellanox, now part of Nvidia.
  • TikTok hired former Vice executive Krystle Watler to help nab big agency dollars, Business Insider reported.


  • Nintendo announced a $350 version of the Switch console, coming in October, that will have a higher-end OLED screen and more memory. (Axios)
  • Twitter failed to comply with a new Indian IT law and lost protection regarding user generated content, the Indian government said in a court filing. (Reuters)
6. After you Login

Check out this portrait of Lakota leader Sitting Bull, made from more than 20,000 dice.