President Joe Biden has ordered U.S. intelligence agencies to investigate the sophisticated ransomware attack that has ensnared more than 1,000 companies around the world, he told reporters on Saturday during a trip to Michigan to promote his infrastructure package.
In what appears to be one of the largest ransomware attacks in history, hackers hijacked widely used management software from international IT company Kaseya to push a “malicious update” that deployed malware to companies around the world, The Record reports.
“We’re not sure” who is behind Friday’s attack, Biden said. “The initial thought was that it was not the Russian government but we’re not even sure.” He added that the U.S. would respond if it established that Russia is to blame.
The culprit is suspected to be REvil, a notorious cybercrime syndicate that is thought to have ties to Russia and that has gone after high-profile targets such as Apple and Acer, according to the security company Huntress Labs. The group is also believed to have been behind last month’s successful attack on the world’s largest meat processing company, JBS, an attack that brought in $11 million in ransom.
On Friday, Kaseya warned customers to shut down their VSA servers immediately after discovering a security incident involving the software. Kaseya uses its VSA cloud platform to manage and send software updates to its customers’ network devices. Those customers are managed service providers, or MSPs, which in turn provide remote IT services to hundreds of smaller businesses that are unable to run those processes in-house.
The exact mechanics and scope of the attack are still unclear, but security experts believe the hackers exploited Kaseya’s VSA product to spread malware and encrypt the files of these vendors’ customers. Fred Voccola, CEO of Kaseya, said in an update Friday that the company believes it has found the source of the vulnerability and plans to release a patch “as soon as possible to get our customers back up and running.” At the time, he said fewer than 40 of Kaseya’s customers were known to be affected.
However, considering how many of these customers are likely to be MSPs, that could translate into hundreds of smaller businesses relying on their compromised services. Huntress, which has been publicly tracking the attack, said via Reddit that it had identified more than 1,000 companies whose servers and workstations were encrypted due to the attack. One suspected victim, Swedish retailer Coop, closed at least 800 stores over the weekend after its systems were knocked offline, the New York Times reports. John Hammond, a senior security researcher at Huntress, told the outlet that the hackers demanded $5 million in ransom from some of the affected companies.
“This is a colossal and devastating supply chain attack,” Hammond said later in a statement to Reuters. Supply chain attacks, in which hackers exploit a single piece of software to target hundreds or even thousands of users simultaneously, are quickly becoming the technique of the day for high-profile cybercriminals. The SolarWinds hackers used a similar scheme to infect network management software used by many federal agencies and corporations in the United States.
In an update posted to Kaseya’s blog Sunday morning, the company said it is working with the FBI and the Cybersecurity and Infrastructure Security Agency to address the situation and assist the affected customers.
“We are in the process of formulating a return to service of our SaaS [software as a service] servers with restricted functionality and a higher security posture (estimated in the next 24-48 hours but subject to change) on a geographical basis,” the company wrote. “More details on both the limitations, security posture changes, and the schedule will be in the next release later today.”
Kaseya added that it has rolled out a new “compromise detection tool” to nearly 900 customers who have requested it, and is in the process of developing a private download site to provide access to more customers.