President Joe Biden has ordered US intelligence agencies to investigate the sophisticated ransomware attack that has hit more than 1,000 companies worldwide, he told reporters on Saturday during a trip to Michigan for his infrastructure package.
In one of the largest ransomware attacks in history, the hackers hijacked widely used management software from the international IT company Kaseya to push out a “malicious update” that deployed their malware “to companies around the world,” The Record reported.
“We are not sure” who is behind Friday’s attack, Biden said. “The first thought was that it wasn’t the Russian government, but we are not sure yet.” He added that the US would react if it found that Russia was to blame.
The suspected culprit is REvil, a notorious cybercriminal syndicate believed to have ties to Russia that has previously gone after high-profile targets such as Apple and Acer, according to the security company Huntress Labs. The group is believed to be behind last month’s successful extortion attack on the world’s largest meat processing company, JBS, for $11 million in ransom.
On Friday, Kaseya warned customers to shut down their VSA servers immediately after discovering a security incident involving the software. Kaseya uses its VSA cloud platform to manage software updates and send them to the network devices of its customers, namely managed service providers (MSPs), which in turn deliver remote IT services to hundreds of smaller businesses that cannot perform these processes in-house.
The exact mechanics and extent of the attack are yet to be revealed, but security experts believe that the hackers exploited Kaseya’s VSA product to spread malware and encrypt the files of these vendors’ customers. Fred Voccola, CEO of Kaseya, said in an update on Friday that the company believes it has found the source of the vulnerability and plans to release a patch “as soon as possible to get our customers up and running again”. At that time, fewer than 40 Kaseya customers were known to be affected, he said.
However, because many of these customers are likely to be MSPs, the attack could compromise hundreds of smaller businesses that rely on their services. Huntress, which has been publicly tracking the attack, said via Reddit that it has identified more than 1,000 companies whose servers and workstations were encrypted as a result of the attack. One suspected victim, Swedish retailer Coop, closed at least 800 stores over the weekend after its systems were taken offline, The New York Times reported. Huntress senior security researcher John Hammond told the outlet that the hackers were demanding a $5 million ransom from some of the affected companies.
“This is a colossal and devastating attack on the supply chain,” Hammond later said in a statement to Reuters. Supply chain attacks, in which hackers exploit a single piece of software to attack hundreds or even thousands of users simultaneously, are fast becoming the technique du jour for high-profile cybercriminals. The SolarWinds hackers used a similar scheme to infect network management software used by several large US federal agencies and corporations.
In an update posted on Kaseya’s blog on Sunday morning, the company said it was working with the FBI and the Cybersecurity and Infrastructure Security Agency to address the situation and affected customers.
“We are in the process of restarting our [software as a service] server farms with limited functionality and a higher security status (expected in the next 24-48 hours, but subject to change) on a geographic basis,” the company wrote. “Further details on the restrictions, changes to the security situation and the time frame will be published today in the next announcement.”
Kaseya added that it has rolled out a new “compromise detection tool” to nearly 900 customers who requested it and is in the process of developing a private download site to give more customers access.