Gadgets News

A Large Ransomware Attack Can Affect More Than 200 Companies

Illustration for the article titled A Great Ransomware Attack Has Killed Hundreds Of Businesses

Photo: ROB ENGELAAR / ANP / AFP (Getty Images)

A ransomware attack on international computer company Kaseya appears to have infected hundreds of smaller companies based on the company’s product, including several based in the United States.

Friday, Kaseya disclosed who had been the victim of a “potential attack,” which implied that hackers were somehow targeted at users of their VSA product on the spot. Customers should close VSA “IMMEDIATELY,” an alert reads.

While the company said the attack is “limited to a small number” of customers, Kaseya’s position in a broader computing ecosystem means that the effects of this attack could be quite large – potentially making it one of the largest. history ransomware attacks.

Kaseya sells its products to companies known as managed service providers (MSPs) —companies that provide remote IT services to hundreds of smaller-sized businesses that do not have the resources to conduct those processes in-house. MSPs use Kaseya’s VSA cloud platform to help them manage and send software updates to their customers, as well as to manage other user issues.

However, it appears that a band of ransomware abused VSA “using a malicious update” to implement ransomware to “companies around the world.” and Record Reports. While it is unclear the exact mechanics of the attack or how and when it happened, security experts report that the ransomware affects not only MSPs using VSAs, but also their customers. In other words, the ransomware appears to have infected hundreds of smaller companies that rely on MSPs for IT support.

Security firm Huntress told Gizmodo that three of its customers, who are MSPs and use VSAs, have been affected by the attack and that, as a result, 200 smaller companies that rely on these MSPs have been affected. affected by encryption.

“We know four MSPs where all customers are affected – 3 U.S. and one overseas. MSPs with more than a thousand endpoints have been hit,” said John Hammond, a senior security researcher at Hunter. “When an MSP is compromised, we see evidence that it spreads across the VSA across all MSP clients.”

Hammond added that, “Based on everything we see now, we firmly believe this [is] REvil / Sodinikibi. “

REvil is a prominent cybercriminal gang that has used ransomware to go after high-profile targets, including Apple and Acer. It is also believed to be the gang that attacked the meat supplier JBS, successfully crushing the large beef supplier for $ 11 million.

Announced the US Federal Cybersecurity Agency, Cybersecurity and Infrastructure Security Agency Friday that he was “acting to understand and address the latest supply chain ransomware attack against Kaseya VSA and the multiple managed service providers (MSPs) that employ VSA software.”

“CISA encourages organizations to review Kaseya’s advice and immediately follow its guidance to shut down VSA servers,” the agency said.

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button