Kaseya suffered a ransomware attack, affecting a series of other technology companies
On July 2, Kaseya revealed that it was the victim of a "potential attack", implying that the attacker had somehow compromised users of the company's VSA product. Kaseya warned customers to turn off VSA "immediately".
While the company claims the attack only affected a "small number" of customers, given Kaseya's vast reach, the impact is sizable, potentially making this one of the major ransomware attacks in history.
Kaseya sells its products to companies known as managed service providers (MSPs) - companies that provide remote information technology services to small businesses that don't have the resources or IT staff.
MSPs use Kaseya's VSA cloud platform to help manage and send software updates to their customers, as well as to manage other user issues.
However, according to The Record, a ransomware gang abused VSA by "using a malicious update" to infect "companies around the world."
While the exact mechanism of the attack, and how and when it happened, remains unclear, security experts say the ransomware affects not only MSPs using VSA but also their customers.
In other words, the ransomware appears to have hit hundreds of smaller businesses that use MSPs for IT support.
According to Gizmodo, three customers of the security company Huntress that use an MSP and VSA were affected by the attack. As a result, 200 smaller businesses that rely on that MSP could be hit with encryption.
"We know there are four MSPs - three in the US and one overseas - all customers affected," said John Hammond, senior security expert at Huntress. "I have evidence that it has spread via VSA to all MSP customers. Based on everything we have, we strongly believe the culprit is REvil/Sodinokibi."
REvil is a well-known cybercriminal gang that has used ransomware against big-name targets, including Apple and Acer. It is also believed to be the gang that attacked the meat supplier JBS, successfully extorting a ransom of 11 million USD.
US cybersecurity watchdogs are investigating the attack on Kaseya and working to resolve the incident.
"CISA encourages companies to consider Kaseya's recommendation and follow instructions to shut down VSA servers immediately," CISA said.