Microsoft

YouTubers Are Making a Living on Videos About Microsoft Software (cnbc.com)

An anonymous reader shares a report: When Microsoft updated its Teams communication app with a more sophisticated way to give PowerPoint presentations in January, the company published a 500-word blog post on the feature. People could read the blog post and try to figure out how to use it, or they could consult YouTube. On the video service owned by arch-rival Google, a former Microsoft employee named Kevin Stratvert published a video on Presenter Mode to his more than 800,000 subscribers, garnering more than 180,000 views and hundreds of comments. Microsoft itself had not published a video on the topic. "I've built a Microsoft audience," Stratvert said in an interview with CNBC. "Microsoft content drives a lot more viewership than non-Microsoft content. I've done Gmail and a few others, but they haven't done quite as well."

[...] Historically, developing and maintaining products has been the core of Microsoft. Today nearly 50% of employees work in engineering. Marketing is a considerably smaller part of the business, and employees work on ads, materials for Microsoft's website, events and other methods of promotion. In the past few years, a group inside Microsoft began focusing more on YouTube. "On YouTube specifically, we're starting to explore the concept of what it looks like to do something native to YouTube," Sonia Atchison, a market research lead who worked on the Microsoft Creators Program, said on a podcast last year. People often turn to YouTube when they want to get a better understanding of Microsoft software, and while Microsoft has plenty of its own videos available on YouTube, they don't always come up at the top of the site's search results, Atchison said. Videos from outsiders can receive higher rankings. Sometimes a video from a Microsoft employee might be there. The company does have employees with large audiences, including Mike Tholfsen, a 26-year company veteran whose videos show how teachers and students can use Teams and other applications.

Businesses

Broadcom in Talks To Buy Software Firm SAS (wsj.com)

Broadcom is in talks to buy SAS, WSJ reported Monday, citing people familiar with the matter, in the latest move by the acquisitive technology giant to beef up in enterprise software. From the report: A deal, which would value closely held SAS in the range of $15 billion to $20 billion, could be finalized in the coming weeks assuming the talks don't fall apart, the people said. That number is so-called enterprise value, some of the people said, which typically includes assumed debt and is adjusted for cash on the target's balance sheet. Broadcom has a market value of nearly $200 billion after its shares have risen around 50% over the past year.

Businesses

Microsoft Agrees To Acquire Cybersecurity Company RiskIQ (bloomberg.com)

Microsoft said it has agreed to acquire RiskIQ, a security software maker, as the tech giant tries to expand its products and better protect customers amid a rising tide of global cyberattacks. From a report: The company announced the deal Monday on its web site and didn't disclose terms. Bloomberg on Sunday reported the purchase, citing people familiar with the matter. Microsoft is paying more than $500 million in cash for the company, said one of the people, who declined to be named discussing confidential matters. San Francisco-based RiskIQ makes cloud software for detecting security threats, helping clients understand where and how they can be attacked on complex webs of corporate networks and devices. Its customers include Facebook, BMW, American Express and the U.S. Postal Service, according to the company's web site.

Businesses

Before Ransomware Attack, Kaseya Was Warned of 'Critical' Security Flaws, Ex-Employees Say (engadget.com)

"The giant ransomware attack against Kaseya might have been entirely avoidable," writes Engadget: Former staff talking to Bloomberg claim they warned executives of "critical" security flaws in Kaseya's products several times between 2017 and 2020, but that the company didn't truly address them... Employees reportedly complained that Kaseya was using old code, implemented poor encryption and even failed to routinely patch software. The company's Virtual System Administrator, the remote maintenance tool that fell prey to ransomware, was supposedly rife with enough problems that workers wanted the software replaced.

One employee claimed he was fired two weeks after sending executives a 40-page briefing on security problems. Others simply left in frustration with a seeming focus on new features and releases instead of fixing basic issues. Kaseya also laid off some employees in 2018 in favor of outsourcing work to Belarus, which some staff considered a security risk given local leaders' partnerships with the Russian government.

Kaseya has declined to comment...

Engadget adds that Kaseya's software "was reportedly used to launch ransomware at least twice between 2018 and 2019, and it didn't significantly rethink its security strategy."

Privacy

Tor Project Hopes to Replace 'Complex', 'Fragile' C Code With Rust (yahoo.com)

CoinDesk reports that "A project is in the works to make the Tor Client more adaptable and easier for third parties to use, with some help from Zcash Open Major Grants (ZOMG)." ZOMG announced on Tuesday that it is awarding the privacy-focused Tor Project a $670,000 grant to continue to develop Arti, a Rust coding language implementation of the Tor Client... Arti should make it simpler for third parties to embed and customize the Tor Client than the current implementation in the C coding language... "Arti is a project to make an improved version of Tor that will be more reliable, more secure, and easier for other software to use," said Nick Mathewson, chief network architect and co-founder of the Tor Project. "We hope that within the next several years, Arti will become the preferred implementation of the Tor protocols...."

"Onion routing has just had its 25th anniversary in May, and although Tor is a great set of privacy tools, the C program 'tor' itself (note the lowercase t) is beginning to show its age," Mathewson said. "We've found over the recent years that the complexity of the existing C code, and the fragility of the C language, make it unnecessarily difficult to improve the code while maintaining our security and privacy guarantees....

"Roughly half of Tor's security issues since 2016 would have been impossible in Rust, and many of the other issues would have been much less likely, based on our informal audit," he said...

The funding will go toward developer salaries as they develop Arti. Mathewson said the goal with this round of funding is to advance Arti to the point where it is ready for general use, testing and embedding.

Programming

Could Python Overtake C and Java as the Most Popular Programming Language? (zdnet.com)

The TIOBE index of programming language popularity celebrates 20 years of continuous publishing this month. Started as a hobbyist project back in 2001, the site estimates each programming language's popularity by counting search engine results for the phrase <language> programming (indirectly counting each listing for developers, courses, and third-party vendors).

When it was started 20 years ago, the top languages were Java, C, and C++.

20 years later, the top languages are now C, Java, Python, and C++.

And "The difference between position 1 and position 3 is only 0.67%." This means that the next few months will be exciting. What language is going to win this battle? Python seems to have the best chances to become number 1, thanks to its market leadership in the booming field of data mining and artificial intelligence.
ZDNet also noted the trends: Searches for C were down 4.83 percentage points compared to last July. Java searches were down 3.93% over the period, while Python gained 1.86%.

The top 10 languages behind C, Java and Python are C++, C#, Visual Basic, JavaScript, PHP, Assembly Language, and SQL.

But they also have this to say about TIOBE's calculations: It's a different methodology to developer analyst RedMonk, which looks at language usage on software projects hosted on GitHub and discussions on the developer Q&A site, Stack Overflow.

RedMonk's Q1 2021 rankings place JavaScript in top place, followed by Python and Java.

Other interesting moves this month:
  • C++ gained more than 0.5%, getting closer to the top 3
  • Rust rose from #30 to #27
  • Go rose from #20 to #13
  • TypeScript rose from #45 to #37
  • Haskell rose from #49 to #39

Microsoft

Microsoft Gives Employees $1,500 Pandemic Bonus, GitHub Gives Days Off (theverge.com)

Long-time Slashdot reader AmiMoJo shared this report from the Verge: Microsoft is gifting its employees a $1,500 pandemic bonus. In an internal memo seen by The Verge, the software giant says this one-time bonus "is in recognition of the unique and challenging fiscal year that Microsoft just completed."

Microsoft's chief people officer, Kathleen Hogan, announced the gift to employees Thursday, and it will apply to all eligible employees in both the U.S. and internationally. Microsoft is gifting this bonus to all staff below corporate vice president level that started on or before March 31st, 2021, including part-time workers and those on hourly rates. Microsoft has 175,508 employees worldwide, but LinkedIn, GitHub, and ZeniMax employees are not eligible for the bonus, despite Microsoft owning these three separate companies. As a result, we understand it's a gift of around $200 million, or less than two days' worth of profit for Microsoft.

The article also notes similar gifts given to employees at Facebook, BT, and Vox Media, as well as Amazon's $300 holiday bonus to frontline workers.

And GitHub did do something special for its employees, according to the company's holiday FAQ: The pandemic brought unprecedented challenges, revolutionizing the way our customers and open source community build software. We have watched our employees step up...while also balancing the unique complexities of remote work, children, health, and more. We recognize that our employees are our greatest asset, so to give back to our employees who give so much, we will be taking company wide wellbeing days July 5-9, as well as six Fridays in July and August.

GitHub is committed to providing our customers with high-quality customer support and will have staff available to assist should an issue arise, however you may experience a delayed response during these dates.

To ensure a seamless developer experience, we recommend that you refrain from upgrading between June 28 and July 9.

DRM

'By 2030, You Won't Own Any Gadgets' (gizmodo.com)

"By 2030, technology will have advanced to the point that even the idea of owning objects might be obsolete," argues a thought-provoking new piece by Gizmodo's consumer tech reporter: Back in 2016, the World Economic Forum released a Facebook video with eight predictions it had for the world in 2030. "You'll own nothing. And you'll be happy," it says. "Whatever you want, you'll rent. And it'll be delivered by drone...."

In some ways, not owning things is easier. You have fewer commitments, less responsibility, and the freedom to bail whenever you want. There are upsides to owning less. There's also a big problem... The reality is when you buy a device that requires proprietary software to run, you don't own it. The money you hand over is an entry fee, nothing more. When everything is a lease, you also agree to a life defined by someone else's terms... When hardware is merely a vessel for software and not a useful thing on its own, you don't really get to decide anything. A company will decide when to stop pushing vital updates. It might also decide what you do with the product after it's "dead...." The power has shifted so that companies set the parameters, and consumers have to make do with picking the lesser of several evils...

You can trace much of this back to Section 1201 of the Digital Millennium Copyright Act (DMCA), which basically makes it illegal to circumvent "digital locks" that protect a company's proprietary software... One day in the future, if you buy a physical house, you will likely have to rent the software that operates it. You won't really have a say in the updates that get pushed out, or the features that get taken away. You'll have less of a say in when you renovate or upgrade, even if you want to continue using the house as is. You might not even have the right to do DIY repairs yourself. Just because you've bought a smart washing machine, doesn't mean you'll be allowed to repair it yourself if it breaks — or if you'll be allowed to pick which repair shop can fix it for you. You only have to look as far as John Deere, Apple, and General Motors. Each one of these companies has argued that people who bought their products weren't allowed to repair them unless they were from a pre-approved shop.

The scary thing is that this only sounds terrible if you have the mental energy to care about principles.

Making decisions all the time is difficult, and it's easier when someone else limits the options you can choose from. It's not hard to turn a blind eye to a problem if, for the most part, your life is made a little simpler. Isn't that what every tech company says it's trying to do? Make your life a little simpler? Life is hard enough already, and living in a home that maintains itself so long as you hand over control — well, by 2030, who's to say that's not what we'll all want?

Networking

SolarWinds and Kaseya Attacks Shake Faith In SaaS Model (channelinsider.com)

"First SolarWinds, now Kaseya. SaaS software heavily used by managed service providers (MSPs) has now been the target of two successful cyberattacks," writes Slashdot reader storagedude.

He shares a ChannelInsider article reporting the Kaseya ransomware attack compromised roughly 1,500 "downstream" businesses — and that now managed service providers "are reassessing their approaches to managing IT" after their own upstream vendors were breached: In many cases, rather than assuming the platforms that MSPs employ are secure, end customers will now require them to prove it via an audit of their software supply chains, says James Shank, Chief Architect of Community Services for Team Cymru, a provider of threat intelligence tools employed to conduct such audits. Shank, who also served on the Ransomware Task Force Committee set up by The Institute for Security and Technology, notes that MSPs should also assume attacks will only get worse before they get any better. "This is not the end or the middle," he says. "It's only the beginning."

Others, however, don't think there will be any widespread mandate to audit IT supply chains in the absence of any government requirement. Most organizations are simply not going to conduct or require extensive audits because of the time, effort, money and expertise required, says Mike Hamilton, chief information security officer (CISO) for Critical Insight, a provider of a managed detection and response platform.

"American companies are not going to do that unless someone holds their feet to the fire," he says.

The challenge that creates for MSPs and their customers is it may force them to continue to place too much trust in IT platforms provided to them by a vendor, says Chris Grove, technology evangelist for Nozomi Networks, a provider of security tools for monitoring networks. "These platforms are over-trusted," he says.

The decision many MSPs are specifically wrestling with is the degree to which they should continue to rely on IT service management (ITSM) platforms from an IT vendor that might be compromised by malware versus building and securing their own custom platform. The latter approach is not immune to malware but might be less of a target as cybercriminals increasingly focus their efforts on platforms that enable them to wreck greater downstream havoc. Alternatively, MSPs could switch to IT service management platforms provided by vendors that don't have enough market share to attract the attention of cybercriminals... Building an IT service management platform from scratch naturally requires a level of investment many MSPs lack the funding or expertise to make, notes Eldon Sprickerhoff, chief innovation officer for eSentire, a provider of a managed detection and response platform. "It's a difficult situation," he says.

The article points out that few small- to medium-sized businesses can afford their own internal IT security team.

Slashdot reader storagedude then suggests "on-premises installed and managed software could get another look as a result of the attacks," while vendors who can prove high levels of security "could gain a market advantage."

Cellphones

Ask Slashdot: How Secure Is a Cellphone's eSIM? (pcmag.com)

A few months ago PC Magazine explained eSIMs: You almost certainly have a SIM card: a thumbnail-sized chip that sits in your mobile phone, telling it which carrier and what phone number you use. Now those SIMs are going digital (or "e") and moving your information to a reprogrammable, embedded chip.

A SIM card is a "subscriber identity module." Required in all GSM, LTE, and 5G devices, it's a chip that holds your customer ID and details of how your phone can connect to its mobile network... An eSIM takes the circuitry of a SIM, solders it directly to a device's board, and makes it remotely reprogrammable through software... There are some minor consumer downsides, though. With eSIMs, it's harder to switch one plan between devices — you can't just swap the physical card around — and they can make it harder for you to temporarily remove your SIM if you don't want to be tracked by a carrier.

Google's Pixels have had eSIMs since 2017, and Apple's iPhones have had them since 2018...

Now let's see how long-time Slashdot reader shanen feels about them: Shopping for a new smartphone due to premature battery swelling of a cheapie, but surprised to find out I can't just plug the SIM into a new phone. There ain't no SIM here, but rather the dying phone has an eSIM.... Quick research indicated it's only software, so my obvious question is "How secure can an eSIM be?" (The obvious search results also fail to produce "fresh" results.)

But the black hats have already had a couple of years to work on the problem, and it seems intrinsically difficult to do anything securely if you're only using software. My probably obsolete understanding is that part of the basis of SIM security is that you'd have to destroy the SIM to save its data, but is there an actual security expert in the house?

Related question based on my surprise. How would you even know if you're using an eSIM? Especially since it appears to be possible to use an eSIM on a phone with a SIM.

Share your own thoughts and opinions in the comments.

Open Source

Experimental Rust Support Patches Submitted to Linux Kernel Mailing List (theregister.com)

"The Rust for Linux project, sponsored by Google, has advanced..." reported the Register earlier this week: A new set of patches submitted to the Linux kernel mailing list summarizes the progress of the project to enable Rust to be used alongside C for implementing the Linux kernel. The progress is significant.

- ARM and RISC-V architectures are now supported, thanks to work on rustc_codegen_gcc, which is a GCC codegen for rustc. This means that rustc does the initial compilation of Rust code but GCC (the GNU Compiler Collection) does the backend compilation, enabling support for the architectures that GCC supports...

- Overall, "the Rust support is still to be considered experimental. However, as noted back in April, support is good enough that kernel developers can start working on the Rust abstractions for subsystems and write drivers and other modules," continued project leader Miguel Ojeda, a computer scientist at CERN in Geneva, Switzerland, now working full time on Rust for Linux...

There is substantial support for the project across the industry. Google said in April "we feel that Rust is now ready to join C as a practical language for implementing the kernel" and that it would reduce the number of potential bugs and security vulnerabilities. Google is sponsoring Ojeda to work full time on the project for a year, via the ISRG (Internet Security Research Group), which said last month that it is part of "efforts to move the internet's critical software infrastructure to memory safe code," under the project name Prossimo. The ISRG is also the nonprofit organisation behind Let's Encrypt free security certificates. Ojeda also mentioned that Microsoft's Linux Systems Group is contributing and hopes to submit "select Hyper-V drivers written in Rust." Arm is promising assistance with Rust for Linux on ARM-based systems. IBM has contributed Rust kernel support for its PowerPC processor.

More detail is promised at the forthcoming Linux Plumbers Conference in September. In the meantime, the project is on GitHub here.

"In addition, we would like to announce that we are organizing a new conference that focuses on Rust and the Linux kernel..." Ojeda posted. "Details will be announced soon." And for context, the Register adds: Linus Torvalds has said on several occasions that he welcomes the possibility of using Rust alongside C for kernel development, and told IT Wire in April that it is "getting to the point where maybe it might be mergeable for 5.14 or something like that."

Privacy

Samsung Washing Machine App Requires Access To Your Contacts and Location (vice.com)

For some reason, Samsung apps designed to control internet-connected washers and dryers require "bogus," "absurd," "unacceptable," "pesky," and "awful" permissions. Motherboard reports: On Wednesday, a Reddit user complained that their washing machine app, the Samsung Smart Washer, wouldn't work "unless I give it access to my contacts, location and camera." This is a common complaint. "When I launch the app, the damned thing wants all sort of permissions: location, phone calls, media, and ... contacts??? The app won't work without these permissions," another Reddit user grumbled last year, referring to another Samsung app -- called Smart Home -- that requires the same seemingly exaggerated permissions. "Why would the Samsung Smart Home app need access to my contacts?" The reviews for these two apps, both of which have more than a million installs according to their stats on the Google Play store, aren't very positive either. The Smart Washer App has an average of 2.1 stars, thanks to a slew of reviews that mention the unnecessary permissions.

These situations speak to two issues: Apps that demand permissions that they don't need, and "smart" and internet of things devices that make formerly simple tasks very complicated, and open up potential privacy and security concerns. [...] It's unclear why apps that are designed to let you set the type of washing cycle you want, or see how long it's gonna take for the dryer to be done, would need access to your phone's contacts. In an FAQ for another Samsung app, the company says it needs access to contacts "to check if you already have a Samsung account set up in your device. Knowing this information helps mySamsung to make the sign-in process seamless."

The report recommends using a newer app called SmartThings App, "which has less invasive permission requirements compared to the older apps." The SmartThings app doesn't list any required permissions, indicating that "you can use the app without optional permissions, but some functions may be limited."

Transportation

Volkswagen, BMW Fined $1 Billion For Colluding To Make Dirtier Cars (theverge.com)

Volkswagen, Audi, Porsche, BMW, and Mercedes-Benz parent company Daimler spent years illegally colluding to slow the deployment of cleaner emissions technology, says the European Union, which is dishing out fines as a result. From a report: The EU's executive branch hit the Volkswagen Group (which owns Audi and Porsche) and BMW with a collective $1 billion fine on Thursday for their role in the scheme. Volkswagen Group must pay $595 million, while BMW will pay $442 million. Daimler, however, evaded a $861 million fine of its own because the automaker revealed the collusion to the regulators.

The scheme described by EU authorities is separate from the Volkswagen Group's massive Dieselgate scandal, in which the company installed software on its diesel vehicles that helped fool environmental regulators into believing they were compliant, when in reality, they were polluting far more than the legal limit. Dieselgate ultimately led to nearly $40 billion in fines, buybacks, and legal fees for the Volkswagen Group. Daimler also installed software on some of its diesel vehicles to cheat emissions tests and has paid billions of dollars in fines. BMW was careful to point out Thursday that, unlike the other companies it was caught colluding with, it had not cheated emissions testing.

Security

Code In Huge Ransomware Attack Written To Avoid Computers That Use Russian, Says New Report (nbcnews.com)

The computer code behind the massive ransomware attack by the Russian-speaking hacking ring REvil was written so that the malware avoids systems that primarily use Russian or related languages, according to a new report by a cybersecurity firm. NBC News reports: It's long been known that some malicious software includes this feature, but the report by Trustwave SpiderLabs, obtained exclusively by NBC News, appears to be the first to publicly identify it as an element of the latest attack, which is believed to be the largest ransomware campaign ever. "They don't want to annoy the local authorities, and they know they will be able to run their business much longer if they do it this way," said Ziv Mador, Trustwave SpiderLabs' vice president of security research.

Trustwave said the ransomware "avoids systems that have default languages from what was the USSR region. This includes Russian, Ukrainian, Belarusian, Tajik, Armenian, Azerbaijani, Georgian, Kazakh, Kyrgyz, Turkmen, Uzbek, Tatar, Romanian, Russian Moldova, Syriac, and Syriac Arabic." In May, cybersecurity expert Brian Krebs noted that ransomware by DarkSide, the Russia-based group that attacked Colonial Pipeline in May, "has a hard-coded do-not-install list of countries," including Russia and former Soviet satellites that mostly have favorable relations with the Kremlin. In general, criminal ransomware groups are allowed to operate with impunity inside Russia and other former Soviet states as long as they focus their attacks on the United States and the West, experts say. Krebs noted that in some cases, the mere installation of a Russian language virtual keyboard on a computer running Microsoft Windows will cause malware to bypass that machine.

Space

Cluster Full of Black Holes May Be Spitting Out Stars (arstechnica.com)

An anonymous reader shares a report: As we carefully map the stars of our Milky Way, we're able to identify features that tell us of its history. These include local details, such as the stars that have passed through an area from which something would be able to detect Earth. And it includes far larger structures, like the trails of stars left behind by smaller galaxies that have merged with our own. But one feature we've discovered has been a bit confusing: trails of stars that are too small and thin to have come from a galaxy collision. There are dozens of them that we've not identified a source for. Their size suggests they came from a globular cluster, but there's no obvious mechanism for these clusters to eject stars at a rate sufficient to generate this sort of stream. Now, a team of researchers has suggested a not-so-obvious mechanism: Over time, clusters may become dominated by black holes that eject all the stars.

Globular clusters are dense groups of stars that orbit the Milky Way together. They're held in association by their mutual gravity. Complex interactions will inevitably eject some of the stars, but not at an appreciable rate, which makes the clusters extremely long-lived. The researchers started their work, however, by looking at an unusual globular cluster called Palomar 5. It has both extended tails of lost stars, and its total mass is relatively small, making it diffuse compared to other clusters we've studied. The lower density makes it easier for Palomar 5 to lose stars, but it could also have been caused by past star loss, creating a bit of a chicken-and-egg problem. So, the researchers decided to model globular cluster evolution and try to find a model that could produce something that looks like Palomar 5. The researchers created a model that takes a cluster of stars and models their gravitational interactions with each other and the Milky Way as they orbit the galactic center. Thanks to some help from a cluster of GPUs and the right software, they were able to run these simulations for billions of years. By changing the parameters, they could find which factors were associated with clusters that ended up looking like Palomar 5.

Security

Russian State Hackers Breached Republican National Committee (bloomberg.com)

Russian government hackers breached the computer systems of the Republican National Committee last week, around the time a Russia-linked criminal group unleashed a massive ransomware attack, Bloomberg News reported Tuesday, citing two people familiar with the matter. From the report: The government hackers were part of a group known as APT 29 or Cozy Bear, according to the people. That group has been tied to Russia's foreign intelligence service and has previously been accused of breaching the Democratic National Committee in 2016, and of carrying out a supply-chain cyberattack involving SolarWinds Corp., which infiltrated nine U.S. government agencies and was disclosed in December. It's not known what data the hackers viewed or stole, if anything. An RNC spokesman on Tuesday denied its systems were breached and referred to an earlier statement.

"Microsoft informed us that one of our vendors, Synnex, systems may have been exposed," Mike Reed, a spokesman for the RNC, said on Saturday. "There is no indication the RNC was hacked or any RNC information was stolen. We are investigating the matter and have informed DHS and the FBI." The attack on the RNC, coupled with the recent ransomware attack, is a major provocation to President Joe Biden, who warned Russian President Vladimir Putin about cyberattacks at a June 16 summit. It's not clear if the attack on the RNC is connected in any way to the ransomware attacks, which exploited multiple previously unknown vulnerabilities in software from Miami-based Kaseya Ltd.

Businesses

Biden Sets Up Tech Showdown With 'Right-to-Repair' Rules for FTC (yahoo.com)

President Joe Biden will direct the U.S. Federal Trade Commission to draft new rules aimed at stopping manufacturers from limiting consumers' ability to repair products at independent shops or on their own, Bloomberg reported Tuesday, citing a person familiar with the plan. From the report: While the agency will ultimately decide the size and scope of the order, the presidential right-to-repair directive is expected to mention mobile phone manufacturers and Department of Defense contractors as possible areas for regulation. Tech companies including Apple and Microsoft have imposed limits on who can repair broken consumer electronics like game consoles and mobile phones, which consumer advocates say increases repair costs. The order is also expected to benefit farmers, who face expensive repair costs from tractor manufacturers who use proprietary repair tools, software, and diagnostics to prevent third parties from working on the equipment, according to the person, who requested anonymity to discuss the action ahead of its official announcement.

Open Source

Is Open Source Audio Editor Audacity 'Spyware'? (pcmag.com) 203

Anyone deciding to download the free and open-source audio editor Audacity is being warned that the software may now be classified as spyware due to recent updates to its privacy policy. From a report: Audacity has been around for over 21 years and classes as the world's most popular audio editing software. On April 30, the Muse Group acquired Audacity with the promise that the software would "remain forever free and open source." However, as FOSS Post reports, last week the Audacity privacy policy page was updated and introduced a number of personal data collection clauses. The data collected includes OS version and name, user country based on IP address, the CPU being used, data related to Audacity error codes and crash reports, and finally "Data necessary for law enforcement, litigation and authorities' requests (if any)." The personal data collected can be shared with Muse Group employees, auditors, advisors, legal representatives and "similar agents," potential company buyers, and "any competent law enforcement body, regulatory, government agency, court or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation, or (ii) to exercise, establish or defend our legal rights."

UPDATE: Ars Technica's Jim Salter disagrees, pointing out that "neither the privacy policy nor the in-app telemetry in question are actually in effect yet," and that the company now plans to self-host its telemetry sessions rather than using third-party libraries and hosting.

Businesses

In Private Conversation, Hackers Behind Ransomware Outbreak Lower Demand To $50 Million (reuters.com) 68

The hackers who have claimed responsibility for an international ransomware outbreak have lowered their asking price in a private conversation with a cybersecurity expert, something he said may be a sign the group was having trouble monetizing their massive breach. From a report: The REvil ransomware gang, also known as Sodinokibi, is publicly demanding $70 million to restore the data it's holding ransom after their data-scrambling software affected hundreds of small and medium businesses across a dozen countries - including schools in New Zealand and supermarkets in Sweden. But in a conversation with Jack Cable of the cybersecurity-focused Krebs Stamos Group, one of the gang's affiliates said he could sell a "universal decryptor" for all the victims for $50 million. Cable told Reuters he managed to get through to the hackers after obtaining a cryptographic key needed to log on to the group's payment portal. Reuters was subsequently able to log on to the payment portal and chat with an operator who said the price was unchanged at $70 million "but we are always ready to negotiate."

Security

World's Single-Biggest Ransomware Attack Hit 'Thousands' in 17 Countries (apnews.com) 142

It's now being called "the single biggest global ransomware attack on record," with thousands of victims in at least 17 different countries breached with ransomware Friday, reports the Associated Press, citing new details provided by cybersecurity researchers.

An affiliate of the Russia-linked gang REvil deployed the ransomware "largely through firms that remotely manage IT infrastructure for multiple customers." A broad array of businesses and public agencies were hit by the latest attack, apparently on all continents, including in financial services, travel and leisure and the public sector — though few large companies, the cybersecurity firm Sophos reported... The Swedish grocery chain Coop said most of its 800 stores would be closed for a second day Sunday because their cash register software supplier was crippled. A Swedish pharmacy chain, gas station chain, the state railway and public broadcaster SVT were also hit. In Germany, an unnamed IT services company told authorities several thousand of its customers were compromised, the news agency dpa reported...

CEO Fred Voccola of the breached software company, Kaseya, estimated the victim number in the low thousands, mostly small businesses like "dental practices, architecture firms, plastic surgery centers, libraries, things like that." Voccola said in an interview that only between 50 and 60 of the company's 37,000 customers were compromised. But 70% were managed service providers who use the company's hacked VSA software to manage multiple customers. It automates the installation of software and security updates and manages backups and other vital tasks...

Dutch researchers said they alerted Miami-based Kaseya to the breach and said the criminals used a "zero day," the industry term for a previously unknown security hole in software. Voccola would not confirm that or offer details of the breach — except to say that it was not phishing. "The level of sophistication here was extraordinary," he said. When the cybersecurity firm Mandiant finishes its investigation, Voccola said he is confident it will show that the criminals didn't just violate Kaseya code in breaking into his network but also exploited vulnerabilities in third-party software...

Kaseya, which called on customers Friday to shut down their VSA servers immediately, said Sunday it hoped to have a patch in the next few days.

The attacks may have been timed to exploit America's three-day weekend celebrating the nation's founding, according to experts interviewed by the Associated Press. America's national security adviser is now urging all who believe they were compromised to alert the FBI.

"The attack comes less than a month after Biden pressed Russian President Vladimir Putin to stop providing safe haven to REvil and other ransomware gangs whose unrelenting extortionary attacks the U.S. deems a national security threat."

UPDATE: Bleeping Computer notes the exploited vulnerability "had been previously disclosed to Kaseya by security researchers from the Dutch Institute for Vulnerability Disclosure (DIVD), and Kaseya was validating the patch before they rolled it out to customers."

In a statement today, DIVD posted that "During the last 48 hours, the number of Kaseya VSA instances that are reachable from the internet has dropped from over 2,200 to less than 140 in our last scan today... A good demonstration of how a cooperative network of security-minded organizations can be very effective during a nasty crisis."