Recently a major gas pipeline and a major meat producer in the US were taken down by ransomware attacks. Now, we have a new assault, CNet reports. This time the hackers hit a Miami-based company that provides tech-management tools to organizations worldwide.
Hundreds of companies, including a railway, pharmacy chain, and grocery chain in Sweden, have reportedly been affected by the attack on software company Kaseya.
Information technology company Kaseya warned 40,000 clients that there was a “potential attack” on its VSA tool, which is used to manage computers remotely.
The company posted a security advisory to its help desk site, urging customers to shut down their servers running the service. They recommended that the customers shut down immediately.
Ransomware hits hundreds of US companies, security firm says
According to security experts, the REvil gang may be responsible for the attack that paralyzed at least 200 US companies Friday. Author: FRANK BAJAK (ERIC TUCKER and MATT O BRIEN Associated Press) Published: 8:09 PM EDT July 2, 2021 Updated: 8:09 PM EDT July 2, 2021
WASHINGTON A ransomware attack paralyzed the networks of at least 200 U.S. companies on Friday, according to a cybersecurity researcher whose company was responding to the incident.
The REvil gang, a major Russian-speaking ransomware syndicate, appears to be behind the attack, said John Hammond of the security firm Huntress Labs. He said the criminals targeted a software supplier called Kaseya, using its network management package as a conduit to spread the ransomware through cloud service providers. Other researchers agreed with Hammond s assessment.
Updated July 2
Ransomware attack hits at least 200 U.S. companies
A major Russian-speaking syndicate appears to be behind the intrusion, according to a cybersecurity researcher whose company is responding to the incident.
By FRANK BAJAK, ERIC TUCKER and MATT O BRIENAssociated Press
Share
WASHINGTON A ransomware attack paralyzed the networks of at least 200 U.S. companies on Friday, according to a cybersecurity researcher whose company was responding to the incident.
The REvil gang, a major Russian-speaking ransomware syndicate, appears to be behind the attack, said John Hammond of the security firm Huntress Labs. He said the criminals targeted a software supplier called Kaseya, using its network management package as a conduit to spread the ransomware through cloud service providers. Other researchers agreed with Hammond’s assessment.
REvil Ransomware Syndicate Allegedly Behind Holiday Weekend Hack of At Least 200 Companies
On 7/2/21 at 7:55 PM EDT
Ahead of the three-day Fourth of July weekend, the REvil gang is suspected to be behind a new ransomware attack Friday that affected at least 200 companies in the U.S.
REvil, based in Russia, was likely behind the JBS Meat Packing attack in May, according to the FBI. The Flashpoint Intelligence Platform has suggested that former REvil members were involved in the recent Colonial Pipeline attack earlier this year as well, allegedly done by the DarkSide ransomware group.
By launching an attack ahead of a three-day weekend, the hackers can take advantage of reduced numbers of IT workers available to fix the problems. The latest attack is on Kaseya, a network management company.
It was not immediately clear how many Kaseya customers might be affected or who they might be. Kaseya urged customers in a statement on its websiteto immediately shut down servers running the affected software. It said the attack was limited to a “small number” of its customers.
Brett Callow, a ransomware expert at the cybersecurity firm Emsisoft, said he was unaware of any previous ransomware supply-chain attack on this scale. There have been others, but they were fairly minor, he said.
“This is SolarWinds with ransomware,” he said. He was referring to a Russian cyberespionage hacking campaign discovered in December that spread by infecting network management software to infiltrate U.S. federal agencies and scores of corporations.