James Martin / CNET

Following the recent ransomware attacks that crippled a large gas pipeline and a large meat producer in the United States, a new attack has emerged, this time against a Miami-based company that provides technology management tools to companies around the world. Hundreds of companies, including a railroad, pharmacy and grocery chain in Sweden, have been reportedly affected by the attack on software company Kaseya posted notifications Friday and Saturday on his website.

“Our outside experts have advised us that customers who have experienced ransomware and are receiving communications from the attackers should not click links – they could be turned into weapons,” the company said in its latest warning, adding that it is with the FBI to fight the cyber attack.

The attack is about a Kaseya product called VSA, which enables small and medium-sized businesses to remotely monitor their computer systems and automatically take care of routine server maintenance and security updates.

Less than 40 customers were affected by the cyber attack, said the company’s CEO The New York Times, but some of them are managed service providers that can provide IT tools to hundreds of businesses. The Times said Coop, one of Sweden’s largest grocery chains, had to shut down at least 800 of its stores because of the attack. Kaseya says more than 40,000 organizations worldwide Use at least one of its products, but not necessarily the VSA offering.

Ransomware attacks, in which hackers break into systems and store networks and data for ransom, have become an increasingly alarming phenomenon. Last month, JBS, one of the largest meat producers in the United States, paid a ransom of $ 11 million in an attack that temporarily disabled its processing facilities. And in May Colonial Pipeline announced that the main pipeline had to be closed Transporting gas to the densely populated east coast of the US because of an attack. Colonial paid the hackers a ransom of $ 4.4 million, although the The Justice Department later said it had recovered part of the payment. Some of the victims of the Kaseya VSA attack saw $ 5 million ransom demands, the Times reported.

Aside from the financial impact, such attacks have also hit Hospitals, banks and City administrations, have raised concerns about the vulnerability of critical infrastructure. Shortly after the attack on the Colonial Pipeline became known, US President Joe Biden signed one Enforcement Order to Enhance US Cyber ​​Security Defense. The Biden government also said it plans to set up a task force to crack down on hackers who use ransomware.

And at the Biden summit with Russian President Vladimir Putin last month, one of the main topics of conversation was Cyber ​​attacks on critical infrastructures, whether launched by nation states or hacker gangs within their borders. The Wall Street Journal reported REvil, the same group of hackers behind the attack on meat producer JBS, was responsible for the VSA cyberattack. On Saturday, Reuters also reported that a security firm believes REvil is linked to Russia. The news agency said Biden has ordered intelligence agencies to investigate the matter.

“The first thought was that it wasn’t the Russian government, but we’re not sure yet,” Biden said, according to Reuters. “If it happens to either knowledge and / or a consequence of Russia, then I told Putin. we will answer“Said Biden, referring to the previous summit. Biden said he would be briefed on the attack from Kaseya on Sunday, the news agency added.

The Russian embassy in Washington did not immediately respond to a request for comment.

Both Kaseya and the USA Cybersecurity and Infrastructure Agency advised customers running VSA software on their servers to shut down those servers. When asked for additional information on the VSA attack, Kaseya said it had its latest updates on its website and via social media.

Source link

Leave a Reply