The number of companies affected by a malicious ransomware attack on Kaseya has grown from just 50 to around 1,500 companies worldwide.
The fallout from the devastating supply chain attack targeting software from Miami-based Kaseya continues to grow.
Security firms Sophos, Huntress and others pointed to a post on REvil’s “Happy Blog”, which claims that more than a million devices have been infected. The blog also reveals that REvil is asking for $70 million in Bitcoin to unlock them all.
US President Joe Biden on Monday ordered US intelligence agencies to investigate the sophisticated attack because of alleged Russian involvement.
Kaseya VSA hack
The hackers essentially hijacked a tool called VSA, which is used by companies that manage technology in smaller businesses, and then encrypted those customers’ files.
The hacking attack on Kaseya went so far that in Sweden, for example, most of the 800 branches of the Coop grocery chain could not open because the tills were not working.
State railways and a large chain of pharmacies were also affected.
Kaseya CEO Fred Voccola said on Friday, just before the Fourth of July weekend in the United States, that the company estimated that only about 50 companies were affected by the REvil attack.
But on Monday, Voccola admitted that the number of customers affected by the attack is much, much higher, with up to 1,500 affected organizations.
“Kaseya … was quick to respond to a ransomware attack on its VSA customers that was launched on the July 4th holiday weekend,” the company said in a statement on Monday.
“The company’s rapid remediation and mitigation efforts saved thousands of small and medium-sized businesses from the devastating impact on their operations and ensured business continuity,” the company added.
On July 2 at around 2 p.m. EST, Kaseya was warned of a possible attack from internal and external sources.
Within an hour, Kaseya, acting with great caution, blocked access to the software in question.
Kaseya said the attack had limited impact as only about 50 of Kaseya’s 35,000+ customers were targeted.
“While this attack impacted approximately 50 of Kaseya’s customers, it was not a threat or had any impact on critical infrastructure,” the company said. “Many of Kaseya’s customers are managed service providers who use Kaseya’s technology to manage IT infrastructure for local and small businesses with fewer than 30 employees, such as dental offices, small accounting offices, and local restaurants. Of the approximately 800,000 to 1,000,000 local and small businesses managed by Kaseya’s customers, only about 800 to 1,500 have been compromised.”
“Our global teams are working around the clock to get our customers back up and running,” said CEO Fred Voccola. “We are aware that every second they are closed affects their livelihood, which is why we are working feverishly to resolve this.”
Kaseya is actively working with the FBI, CISA, the Department of Homeland Security, and the White House.
It is also working closely with FireEye Mandiant IR on the security incident.
“This is a joint effort to fix the problem and identify those responsible so that they can be held accountable,” added Voccola. “We’re so grateful for your help in getting our customers back online.”
“The immediate action-oriented, solution-oriented approach by CISA and the FBI, with tremendous overall support from the White House, has proven to be of great help in ensuring that this attack only resulted in a very small number of affected customers,” Voccola said. “Fortunately, while every affected customer is one too many, the impact of this sophisticated attack has proven to be grossly overrated.”
The West’s patience with Russia and its covert cyber activities is currently very thin, as is its patience with criminal gangs that operate within Russian borders and carry out cyberattacks against Western nations.
Last week, US and UK cyber and intelligence agencies warned that Russian military hackers are attacking both the US and Europe.
It is worth remembering that US President Joe Biden and Russian President Vladimir Putin held a three-hour face-to-face meeting in Geneva last month.
Shortly afterwards, the head of the Russian Federal Security Service (FSB), Alexander Bortnikov, said that Russia would work with the US to track down cyber criminals.
Meanwhile, security experts warn that supply chain attacks like this one are a cunning vector of attack that can wreak havoc.
“Combining a supply chain attack with ransomware is a lethal mix with compelling results,” said Jake Moore, cybersecurity specialist at ESET. “Both lines of attack are feared by those in charge of their networks, but when they are merged, the casualties multiply and the money involved can be astronomical.”
“There will be tremendous initial pressure to restore the affected business networks, but many will be forced to pay the debts just because it remains the cheaper option,” said Moore.
“Attacking the supply chain is a cunning way of breaking into a network on the back of prior third-party trust, and the damage has proven catastrophic,” added Moore. “Although it may have cost the attackers more time and sophistication to smuggle the malicious code into the provider’s software, they can sneak into the software of all connected providers unnoticed and undamaged after installation.”
“Fingers are being pointed and insurance calls are undoubtedly being made, but this new wave of organized and tailored attacks is something to expect in the future,” warned Moore.