Hundreds of companies in the Netherlands may have fallen victim to an international ransomware attack by Russian hackers on Friday, NOS reported. It appears that the attack was carried out by the Russia-affiliated REvil group, which the FBI also blamed for the attack on Brazilian meat processor JBS two months earlier.
The hackers carried out their ransomware attack using Kaseya software. IT companies use Kaseya to remotely manage their customers’ computer systems.
In any case, customers of the IT company VelzArt in Waardenburg were hit by the cyber attack. VelzArt has hundreds of customers. Companies have been warned that their computers could have been infiltrated between 6pm and 10pm on Friday evening. They were advised to turn off their devices. A VelzArt employee said the impact had been enormous: “We have been very busy and we are being flooded with calls.”
The technical service provider Hoppenbrouwers in Udenhout was also the target of the attack. Quick action was taken, but damage had already been done. Ten percent of the company’s 1,500 computers were infected. “It was not acted fast enough, but in time to steer the ship in the right direction,” said Hoppenbrouwers director Henny de Haas. “It happened in a very smooth way,” noted the director.
At least three other service providers in the Netherlands work with the same software. It is not known whether two of them were affected by the attack. The third provider, Xantion, found no evidence of malware. “We don’t know exactly yet, so the server remains switched off,” said the director of Xantion, Peter Oelen.
According to Oelen, the large-scale cyber attack represented a new level of cyber crime. Usually only one company is hit at a time. In this case, the hackers could target many more victims through the servers of service companies. “While you normally speak of a bullet for a company, what you see here is an atomic bomb that could potentially destroy thousands of companies in one fell swoop,” said Oelen. Hundreds of companies in the US and possibly other countries have been targeted.
Mark Loman of the security firm Sophos said more companies are likely to be affected by the attack. “We have a very limited overview of it. If you look at the companies we have offered protection to and we extrapolate that, I think tens of thousands of companies are affected. ”Exactly how many companies have been hit may never be clear, according to Loman. “Much remains invisible because many companies do not report it.”
The incident is similar to an attack on the Danish transport company Maersk in 2017, which cost the company around 200 million euros.
#International #cyberattacks #potentially #affect #hundreds #corporate #customers