Posted on Jul 03, 2021
About 200 US businesses have been hit by a "colossal" ransomware attack, according to cyber-security firm Huntress Labs.
Huntress said the hack targeted Florida-based IT company Kaseya before spreading through corporate networks that use its software. Kaseya said in a statement on its own website that it was investigating a "potential attack".
Huntress said it believed the Russia-linked REvil ransomware gang was responsible.
The US Cybersecurity and Infrastructure Agency (CISA), a federal agency, said in a statement that it was taking action to address the attack.
"CISA is taking action to understand and address the recent supply-chain ransomware attack against Kaseya VSA and the multiple managed service providers (MSPs) that employ VSA software. CISA encourages organizations to review the Kaseya advisory and immediately follow their guidance to shut down VSA servers."
The cyber-breach emerged on Friday afternoon as companies across the US were clocking off for the long Independence Day weekend.
Kaseya said one of its applications that runs corporate servers, desktop computers and network devices might have been compromised. The company said it was urging customers that use its VSA tool to immediately shut down their servers.
Kaseya said in its statement that a "small number" of companies had been affected, though Huntress Labs said the number is already about 200 and counting.
It is not clear what specific companies have been affected - a Kaseya representative contacted by the BBC declined to give details.
Kaseya's website says it has a presence in over 10 countries and more than 10,000 customers.
"This is a colossal and devastating supply chain attack," Huntress Labs' senior security researcher John Hammond said in an email to Reuters news agency.
At a summit in Geneva last month, US President Joe Biden said he told Russian President Vladimir Putin he had a responsibility to rein in such cyber-attacks.
Mr Biden said he gave Mr Putin a list of 16 critical infrastructure sectors, from energy to water, that should not be subject to hacking.
REvil - also known as Sodinokibi - is one of the most prolific and profitable cyber-criminal groups in the world.
The gang was blamed by the FBI for a hack in May that paralysed operations at JBS - the world's largest meat supplier.
The group sometimes threatens to post stolen documents on its website - known as the "Happy Blog" - if victims don't comply with its demands.
REvil was also linked to a co-ordinated attack on nearly two dozen local governments in Texas in 2019.