Hackers carried out an extortion cyberattack against the US software company Kaseya just before the long weekend in the United States, potentially affecting more than a thousand companies through its IT management program.
The first direct consequence of the attack was that a large Swedish supermarket chain had to close more than 800 stores after its cash registers were paralyzed.
At the moment it is difficult to estimate the real scope of the ransomware attack. Ransomware is a type of program that paralyzes a company’s computer systems and then demands a ransom in exchange for unlocking them.
Kaseya noticed a possible incident in its VSA software around noon on Friday and said that it had been able to confine it “to less than 40 clients worldwide.”
But the latter provide services to other companies, allowing hackers to multiply their attack. According to the computer security company Huntress Labs, “more than a thousand companies” have been affected by this ransomware.
“Based on the number of IT (information technology) service providers asking us for help and the feedback we see in this thread, it’s reasonable to think that it could impact thousands of small businesses,” Huntress Labs notes in a Reddit forum post.
“We do not have data at this time on the number of companies affected,” said Brett Callow, cybersecurity expert at Emsisoft. But the scale of the attack is probably “unprecedented.”
Based in Miami, Kaseya, which claims to have more than 40,000 customers, offers IT tools to companies, including VSA software to manage the network of servers, computers and printers from a single source.
US authorities monitor the attacks
Ransomware attacks have become frequent, and the United States has been particularly affected in recent months by operations against large companies such as the meat giant JBS and the oil pipeline operator Colonial Pipeline, as well as local communities and hospitals.
Many experts think that the hackers behind these attacks are usually based in Russia. Moscow, suspected of covering for or even being associated with their activities, denies any involvement.
But the phenomenon is growing so much that it was one of the main points raised by US President Joe Biden during his meeting in mid-June with his Russian counterpart, Vladimir Putin.
“The first thought was that it was not the Russian government, but we are not sure,” said Biden, who on Saturday ordered an investigation.
“This latest ransomware attack affecting hundreds of companies is a reminder to the United States government, which should fight against these groups of foreign cybercriminals,” said Christopher Roberti, director of cybersecurity at the United States Chamber of Commerce.
The US Cybersecurity and Infrastructure Security Agency (CISA) “is closely monitoring the situation,” said Eric Goldstein, one of its executives.
“We are working with Kaseya and coordinating with the FBI to find the victims” of the ransomware, he added in a message.
An increase in the number of attacks
The nature of the attack is similar to that suffered by software publisher SolarWinds, which affected government organizations and companies in the United States in late 2020.
Except that the latter, attributed by Washington to the Russian secret services, was rather “with a logic of espionage, while we are here in extortion logic,” said Gerome Billois, a cybersecurity expert at the Wavestone consultancy.
Huntress Labs said that, based on the methods used, the type of ransomware and the internet address provided, the hackers are part of the group known as REvil or Sodinokibi. The FBI attributed the attack on JBS in late May to that group.
The cyber attack on Kaseya is “one of the most important and vast I have seen in my career,” said Alfred Saikali of the Shook, Hardy & Bacon law firm, who is used to dealing with these kinds of situations.
In general, it is recommended not to pay the ransom, he stressed. But sometimes, especially when data cannot be backed up, “there is no other option,” he admitted.
If multiple companies choose to pay, it is not certain that the hacker group “has the ability to handle simultaneous conversations,” Brett Callow said. “If they have to queue to negotiate, the lost time can be very expensive,” he claimed.