Kaseya suffered a ransomware attack, affecting a series of other technology companies
A ransomware attack against the international information technology company Kaseya appears to have infected hundreds of small businesses.
On July 2, Kaseya revealed it was the victim of a "potential attack", implying that the attackers had somehow compromised users of the company's VSA product. Kaseya warned customers to turn off VSA "immediately".
While the company claims the attack only affected a "small number" of customers, Kaseya's reach is so wide that the impact is sizable, potentially making this one of the biggest ransomware attacks in history.
Kaseya sells its products to companies known as managed service providers (MSPs) - companies that provide remote information technology services to small businesses that don't have the resources or IT staff.
MSPs use Kaseya's VSA cloud platform to help manage and send software updates to their customers, as well as to manage other user issues.
However, according to Record, a ransomware gang abused VSA by "using a malicious update" to infect "companies around the world."
While the exact mechanism of the attack, and how and when it happened, remains unclear, security experts say the ransomware affects not only MSPs using VSA but also their customers.
In other words, the ransomware appears to have hit hundreds of smaller businesses that use MSPs for IT support.
According to Gizmodo, three customers of the security company Huntress, MSPs using VSA, were affected by the attack. As a result, 200 smaller businesses that rely on those MSPs could have their data encrypted.
"We know there are four MSPs - three in the US and one overseas - all customers affected," said John Hammond, senior security expert at Huntress. "I have evidence that it has spread via VSA to all MSP customers. Based on everything we have, we strongly believe the culprit is REvil/Sodinokibi."
REvil is a well-known cybercriminal gang that has used ransomware to hunt down "lucky prey", including Apple and Acer. This is also believed to be the gang that attacked the meat supplier JBS, successfully demanding a ransom of 11 million USD.
US cybersecurity watchdogs are investigating and resolving the incident related to the attack on Kaseya.
"CISA encourages companies to consider Kaseya's recommendation and follow instructions to shut down VSA servers immediately," CISA said.