Businesses are rushing to contain athat has paralyzed their computer networks, a situation complicated in the U.S. by offices lightly staffed at the start of the holiday weekend
By MATT O’BRIEN, AP Technology Writer
July 3, 2021, 6:06 PM
• 4 min read
Businesses rushed Saturday to contain athat has paralyzed their computer networks, a situation complicated in the U.S. by offices lightly staffed at the start of the Fourth of July holiday weekend. In Sweden, according to SVT, the country’s public broadcaster, most of the grocery because their cash registers weren’t working. The Swedish pharmacy chain were also affected.
Cybersecurity experts say the REvil gang, a major Russian-speaking. Kaseya CEO Fred Voccola said in a statement that the company believes it has identified the source of the vulnerability and will “release that patch as quickly as possible to get our customers back up and running.”
John Hammond of the security firm Huntress Labs said he was aware of several managed-services providers — companies that host IT infrastructure for multiple customers — being hit by the ransomware, which encrypts networks until the. “It’s reasonable to think this could potentially be impacting thousands of said Hammond, basing his estimate on the service providers reaching out to his company for assistance and comments on Reddit showing how others are responding.
The company added in a statement Saturday that “customers who experienced supply chain attack with a ransomware attack.”should not click on any links — they may be weaponized.” Gartner analyst Katell Thielemann said it’s clear that Kaseya quickly sprang to action, but it’s less clear clients had the same level of preparedness. “They reacted with an abundance of caution,” she said. “But the reality of this event is it was architected for maximum impact, combining a
Supply chain attacks typically infiltrate widely used software and spread malware as it updates automatically. Complicating the response is that it happened at the start of a major holiday weekend in the U.S. when most corporate IT teams aren’t fully staffed. That could also leave those organizations unable to address other security vulnerabilities, such as a dangerous Microsoft bug affecting software for print jobs, said James Shank of threat intelligence firm Team Cymru.
“Customers of Kaseya are in the worst possible situation,” he said. “They’reout on other critical bugs.” Shank said, “iIt’sreasonable to think that the timing was planned” by hackers for a holiday. The federal said it is closely monitoring the situation and working with the FBI to collect more information about its impact. CISA urged anyone affected to “follow Kaseya’s guidance to shut down VSA servers immediately.” Kaseya runs a virtual system administrator, or VSA, to remotely manage and monitor a customer’s network.
The privately held Kaseya is based in Dublin, Ireland, with a U.S. headquarters in Miami. REvil, the group most experts have tied to the attack, was the same ransomware provider that the FBI linked to an attack on JBS SA, a primary global meat processor, amid theholiday weekend in May. Since 2019, the group has provided ransomware-as-a-service, which develops the network-paralyzing software and leases it to affiliates who infect targets and earn the lion’s share of ransoms. The Brazil-based meat the equivalent of an $11 million ransom to the hackers, escalating calls by U.S. to bring such groups to justice.