Computer network equipment is seen in a server room in Vienna, Austria, October 25, 2018. REUTERS/Heinz-Peter Bader
July 2, 2021
By Raphael Satter
WASHINGTON (Reuters) -Cybersecurity company Huntress Labs said on Friday that 200 American businesses have been hit by ransomware attacks following an incident at U.S. IT firm Kaseya in Miami.
Kaseya, in a statement posted on its own website, said it is investigating a “potential attack” on a widely used tool to reach into corporate networks across the United States.
In the statement https://helpdesk.kaseya.com/hc/en-gb/articles/4403440684689-Important-Notice-July-2nd-2021, Kaseya said its VSA tool – which is used by IT professionals to monitor and manage servers, desktops, network devices and printers – may have been attacked.
It said it had shut down some of its infrastructure in response and that it was urging customers that used VSA on their premises to immediately turn off their servers.
“This is a colossal and devastating supply chain attack,” Huntress senior security researcher John Hammond said in an email, referring to an increasingly high profile hacker technique of hijacking one piece of software to compromise hundreds or thousands of users at a time.
Hammond added that because Kaseya is plugged in to everything from large enterprises to small companies “it has the potential to spread to any size or scale business.”
Reuters was not immediately able to reach a Kaseya representative for further comment. Huntress said it believed the Russia-linked REvil ransomware gang – the same group of actors blamed https://www.fbi.gov/news/pressrel/press-releases/fbi-statement-on-jbs-cyberattack by the FBI for paralyzing meat packer JBS last month – was to blame for the latest ransomware outbreak.
An email sent to the hackers seeking comment was not immediately returned. In a statement, the U.S. Cybersecurity and Infrastructure Security Agency said it was “taking action to understand and address the recent supply-chain ransomware attack” against Kaseya’s VSA product.
Supply chain attacks have crept to the top of the cybersecurity agenda after hackers alleged to be operating at the Russian government’s direction tampered with a network monitoring tool built by Texas software firm SolarWinds.
Kaseya has 40,000 customers for its products, though not all use the affected tool.
(Reporting by Raphael Satter; additional reporting by Joseph Menn in San Francisco; Editing by Leslie Adler and Alistair Bell)