A massive ransomware attack has hit the United States. Hundreds of companies were reportedly affected, according to the Washington Post, but the real number is probably much higher. On Friday night, hackers targeted Kaseya, a US information technology company. The company confirmed that it was hit by a “sophisticated cyber attack” on its VSA software, a set of tools used by IT departments to manage and monitor computers remotely. The company said only about 40 customers were affected.
But since Kaseya’s software is used by large IT companies offering contract services to hundreds of small businesses, the attack may have spread to thousands of victims. Kaseya has warned all of its nearly 40,000 customers to immediately disconnect Kaseya software. Cyber security firm Huntress Labs said it tracked down 20 IT companies, known as managed service providers, that were affected. Over 1,000 of these companies’ customers, mostly small businesses, were affected by the hack, Huntress Labs said on Reddit.
“I wouldn’t be surprised if it were thousands of companies,” said Fabian Wosar, chief technology officer of Emsisoft, a company that provides software and consulting to help organizations defend against ransomware attacks. “We don’t know yet because of the long weekend in the United States,” he said, referring to the Fourth of July national holiday. Due to the large number of companies potentially affected, the attack could prove to be one of the largest in history. Researchers said that REvil, the same hacker group that attacked JBS Meats earlier this year, is responsible for the attack. The cyberattack could increase tensions between the US and Russia, as it comes just weeks after US President Joe Biden met with Russian President Vladimir Putin in Geneva and warned him that the US would hold Moscow responsible for cyber attacks originating from Russia.
Ransomware is a type of malware that restricts access to the device it infects and demands a ransom to remove the restriction. Unlike in most ransomware attacks, REvil does not appear to have attempted to steal sensitive data before locking out its victims, Wosar said.
“We believe we have identified the source of the vulnerability and are preparing a patch to mitigate it,” said Kaseya CEO Fred Voccola. The researchers said the cybercriminals sent two separate ransom demands on Friday, demanding $50,000 from smaller companies and $5 million from larger ones. Meanwhile, the US federal Cybersecurity and Infrastructure Security Agency is taking steps to deal with the attack.
Ransomware attacks increased significantly in frequency and severity during 2020. A report by a task force of over 60 experts said that nearly 2,400 of the country’s governments, health systems and schools were affected by ransomware in 2020. The organizations paid attackers over $412 million in ransom payments last year, according to analyst firm Chainalysis. After an attack on the Colonial Pipeline in May, the US government urged American companies to strengthen their cybersecurity.