It has been reported that as many as 200 U.S. companies have been hit by a ransomware attack, according to a cyber security specialist. It was a ‘collossal’ hit!
It was reported by Huntress Labs that the hack targeted Florida based IT company Kaseya before spreading through corporate networks that use its software.
Kaseya said in a statement that it was investigating a ‘potential attack’.
Huntress Labs said it believed a Russian speaking or linked REvil ransomware group was responsible. It is not thought Russia was directly involved.
The U.S. Cyber security and Infrastructure Agency, said in a statement that it was taking action to address the attack.
The breach was discovered on Friday afternoon as companies across the U.S. were preparing for a long Independence Day weekend.
The two main things that are keeping cyber security professionals awake at night are ransomware, and supply chain attacks. This latest incident combines both nightmares into one big horrible holiday weekend hack.
Ransomware
Ransomware is the scourge of the internet. Multiple organised criminal gangs are constantly attempting to gain access to computer networks to hold the system and therefore the business hostage. The rate of attack is relentless but it can take a lot of criminal effort to successfully hijack one victim’s computer system.
In this latest incident the hackers showed that by going after the software supplier of multiple organisations they can hit and damage tens, perhaps hundreds of victims in one go. We’ve seen horrendous supply chain attacks in the past but this one has the potential to be the biggest incident involving ransomware yet.
Online scourge
It shows that ransomware gangs are thinking creatively about how to have the most impact possible and command the biggest ransom possible.
Kaseya said one of its applications that runs corporate servers, desktop computers and network devices might have been compromised in the attack. That may prove to be an understatement.
The company said it was urging customers to shut down their servers. It is unclear which type of companies have been affected at this stage..
Kaseya’s website says it has a presence in over 10 countries and more than 10,000 customers.
At a summit last month, it was reported that U.S. President Biden said he told Russian President Vladimir Putin he had a responsibility to rein in such cyber attacks. Mr Biden said he gave Mr Putin a list of 16 critical infrastructure sectors, from energy to water, that should not be subject to hacking.
REvil is one of the most prolific and profitable cyber criminal groups in the world. The gang was blamed by the FBI for a hack in May that infected operations at JBS – the world’s largest meat supplier.
The group sometimes threatens to post stolen documents on its website – known as the ‘Happy Blog’ – if victims refuse to comply with its demands.
REvil was also linked to a co-ordinated attack on nearly two dozen local governments in Texas in 2019.
There was no obvious affect on the U.S. stock market as indices continued to climb unabated.
Nothing appears to affect the market.