Hundreds of American companies have been hit Friday by an unusually refined ransomware assault that hijacked broadly used know-how administration software program from a Miami-based provider known as Kaseya. The attackers modified a Kaseya software known as VSA, utilized by corporations that handle know-how at smaller companies. They then encrypted the information of these suppliers’ clients concurrently.
Kaseya said its VSA tool, which is used by IT professionals to monitor and manage servers, desktops, network devices and printers, may have been attacked. It said it had shut down some of its infrastructure in response and that it was urging customers that used VSA on their premises to immediately turn off their servers.
“This is a colossal and devastating supply chain attack,” Huntress senior security researcher John Hammond said in an email, referring to an increasingly high profile hacker technique of hijacking one piece of software to compromise hundreds or thousands of users at a time.
Huntress said it believed the Russia-linked REvil ransomware gang — the same group of actors blamed by the FBI for paralyzing meatpacker JBS last month — was to blame for the latest ransomware outbreak. An email sent to the hackers seeking comment was not immediately returned. In a statement, the U.S. Cybersecurity and Infrastructure Security Agency said it was “taking action to understand and address the recent supply-chain ransomware attack” against Kaseya’s VSA product. Supply chain attacks have crept to the top of the cybersecurity agenda after hackers alleged to be operating at the Russian government’s direction tampered with a network monitoring tool built by Texas software firm SolarWinds.
In a news interview recently, FBI Director Christopher Wray compared the ransomware threats as similar to security challenges posed by the largest crime scenes in FBI history, the 9/11 terrorist attacks that claimed the lives of 3,000 Americans and overseas nationals. Highlighting the potential threat posed by cyberterrorism that had partaken in the attacks of 9/11—which the FBI probed under the code name “PENTTBOM,” Wray told WSJ, “There are a lot of parallels, there’s a lot of importance, and a lot of focus by us on disruption and prevention,” as he pointed to the Russian hackers. There are at least 100 different malicious software variants that exist, every single one was responsible for multiple ransomware attacks in the US, Wray said in a report.