Ransomware attack on software company Kaseya threatens businesses around the world

James Martin / CNET

Following recent ransomware attacks that destroyed a major gas pipeline and a major meat producer in the United States, a new attack has surfaced, this time hitting a Miami-based company that provides technical management tools to organizations in the United States. whole world. Hundreds of businesses, including a railway, a drugstore chain and a grocery chain in Sweden, were reportedly affected by the attack on software company Kaseya, which posted alerts on its site Friday and Saturday.

“We have been informed by our external experts, that customers who have experienced ransomware and are receiving communications from attackers should not click on any links – they can be armed,” the company said in its latest alert, adding that it was working with The FBI to fight the cyberattack.

The attack involves a Kaseya product called VSA, which among other things allows small and medium-sized businesses to monitor their computer systems remotely and automatically take care of routine server maintenance and security updates.

Less than 40 customers were affected by the cyber attack, the CEO of the company said The New York Times, but some of them are managed service providers, who can provide IT tools to hundreds of businesses. The Times said one of Sweden’s largest grocery chains, Coop, had to close at least 800 of its stores as a result of the attack. Kaseya says more than 40,000 organizations around the world use at least one of its products, but not necessarily the VSA offer.

Ransomware attacks, where hackers hijack systems and hold networks and data for ransom, have become an increasingly alarming phenomenon. Last month, one of the biggest meat producers in the United States, JBS, paid a ransom of $ 11 million in an attack that temporarily shut down its processing plants. And in May, Colonial Pipeline revealed it needs to shut down the main pipeline carrying gas to the densely populated east coast of the United States due to an attack. Colonial paid pirates a ransom of $ 4.4 million, Although the The Justice Department later said it had recovered part of the payment. Some of the victims of the Kaseya VSA attack saw ransom demands of $ 5 million, the Times reported.

Besides the financial impact, such attacks, which also affected hospitals, banks and municipal governments, raised concerns about the vulnerability of critical infrastructure. Shortly after the colonial pipeline attack came to light, US President Joe Biden signed a executive order to improve U.S. cybersecurity defenses. The Biden administration also said it plans to launch a task force to crack down on hackers who use ransomware.

And at Biden’s summit last month with Russian President Vladimir Putin, one of the main talking points was cyber attacks on critical infrastructurewhether launched by nation states or hacking gangs within their borders. The Wall Street Journal reported that REvil, the same group of hackers behind the attack on meat producer JBS, was responsible for the VSA cyberattack. Reuters also reported on Saturday that a security firm believed Russia-linked REvil was responsible. The news agency said Biden asked intelligence agencies to look into the case.

“The original thought was that it wasn’t the Russian government but we’re not sure yet,” Biden said, according to Reuters. “If it’s either with knowledge and / or a consequence of Russia, then I told Putin we will answerBiden said, referring to the previous summit. Biden said he would be briefed on Kaseya’s attack on Sunday, the news agency added.

The Russian Embassy in Washington did not immediately respond to a request for comment.

Both Kaseya and the USA Cybersecurity and Infrastructure Agency advised customers running VSA software on their servers to shut down those servers. Asked for additional information about the VSA attack, Kaseya said he shared his latest updates on his website and via social media.

Source link

Leave a Comment