Ransomware breach at Florida IT firm hits 200 businesses
[July 03, 2021] By Raphael Satter and Joseph Menn
WASHINGTON (Reuters) - Hundreds of American
businesses were hit Friday by an unusually sophisticated ransomware
attack that hijacked widely used technology management software from a
Miami-based supplier called Kaseya.
The attackers changed a Kaseya tool called VSA, used by companies that
manage technology at smaller businesses. They then encrypted the files
of those providers' customers simultaneously.
Security firm Huntress said it was tracking eight managed service
providers that had been used to infect some 200 clients.
Kaseya said on its own website that it was investigating a "potential
attack" on VSA, which is used by IT professionals to manage servers,
desktops, network devices and printers.
It said it shut down some of its infrastructure in response and that it
was urging customers that used VSA on their premises to immediately turn
off their servers.
"This is a colossal and devastating supply chain attack," Huntress
senior security researcher John Hammond said in an email, referring to
an increasingly high-profile hacker technique of hijacking one piece of
software to compromise hundreds or thousands of users at a time.
Hammond added that because Kaseya is plugged in to everything from large
enterprises to small companies "it has the potential to spread to any
size or scale business." Many managed service providers use VSA,
although their customers may not realize it, experts said.
Some employees at service providers said on discussion boards that their
clients had been hit before they could get a warning to them.
Computer network equipment is seen in a server room in Vienna,
Austria, October 25, 2018. REUTERS/Heinz-Peter Bader
Reuters was not able to reach a Kaseya representative for further comment.
Huntress said it believed the Russia-linked REvil ransomware gang - the same
group of actors blamed by the FBI for paralyzing meat packer JBS last month -
was to blame for the latest ransomware outbreak.
DEMANDS FOR RANSOM
A private security executive working on the response effort said that ransom
demands accompanying the encryption ranged from a few thousand dollars to $5
million or more.
The corruption of an update process shows a marked escalation in sophistication
from most ransomware attacks, which take advantage of security loopholes such as
common passwords without two-factor authentication.
An email sent to the hackers seeking comment was not immediately returned. In a
statement, the U.S. Cybersecurity and Infrastructure Security Agency said it was
"taking action to understand and address the recent supply-chain ransomware
attack" against Kaseya's VSA product.
Supply chain attacks have crept to the top of the cybersecurity agenda after the
United States accused hackers of operating at the Russian government's direction
and tampering with a network monitoring tool built by Texas software firm
SolarWinds.
Kaseya has 40,000 customers for its products, though not all use the affected
tool.
(Reporting by Raphael Satter and Joseph Menn in San Francisco; Editing by Leslie
Adler, Aurora Ellis and Alistair Bell)
[© 2021 Thomson Reuters. All rights reserved.]