Russia-based hackers have launched a cyberattack on at least 200 information technology management firms in the United States and demanded up to $5 million in ransom, it has been revealed.
The REvil gang, a major Russian-speaking ransomware syndicate that was linked to the JBS meat processor hacking incident, appears to be behind the attack despite President Joe Biden’s threat earlier this month of ‘retaliation’ to Russian President Vladimir Putin if the hacks continued.
The massive scale of the attack, which paralyzed the networks of at least 200 U.S. companies on Friday, was revealed by a cybersecurity researcher whose company was responding to the incident.
John Hammond of the security firm Huntress Labs said the criminals targeted a software supplier called Kaseya, which earlier in the day had said in a press release that the ‘potential attack’ had been ‘limited to a small number of on-premise customers only.’
‘We are in the process of investigating the root cause of the incident with an abundance of caution but we recommend that you IMMEDIATELY shut down your VSA server until you receive further notice from us,’ the company wrote.
‘It’s critical that you do this immediately, because one of the first things the attacker does is shut off administrative access to the VSA.’
The hackers used Kaseya’s network-management package as a conduit to spread the ransomware through cloud-service providers, Hammond said. Other researchers agreed with Hammond’s assessment.
‘Kaseya handles large enterprise all the way to small businesses globally, so ultimately, (this) has the potential to spread to any size or scale business,’ Hammond told the Associated Press in a direct message on Twitter.
‘This is a colossal and devastating supply chain attack.’
Such cyberattacks typically infiltrate widely used software and spread malware as it updates automatically.
It was not immediately clear how many Kaseya customers might be affected or who they might be.
Read the full story in Daily Mail