A 'Colossal' Ransomware Attack Paralyzes Hundreds of US Companies

Ahead of the US Independence Day weekend, a ransomware attack crippled the networks of at least 200 American companies on Friday, according to cybersecurity firm Huntress Labs. The threat actors targeted Miami-based IT firm Kaseya, hijacking a single widely deployed piece of software in order to reach hundreds of thousands of users at once.

Kaseya said in a statement posted on its website that it was investigating a “potential attack” on Virtual System Administrator (VSA), its widely used tool for monitoring and managing customers' IT networks across America.

“Kaseya handles large enterprises all the way to small businesses globally, so ultimately, [this] has the potential to spread to any size or scale business. This is a colossal and devastating supply chain attack. Such cyber attacks typically infiltrate widely used software and spread malware as it updates automatically,” John Hammond, a senior security researcher with Huntress, said in a direct message on Twitter.

In the statement, Kaseya said the tool is used to monitor and manage servers, desktops, network devices, and printers, and that it may have been attacked. An attack of this kind can be particularly insidious and hard to remediate, said Chris Grove, a security expert at the cybersecurity firm Nozomi Networks.

“Once a breach happens, the victim would generally reach for these tools to work their way out of a bad situation, but when the tool itself is the problem or is unavailable, it adds complexity to the recovery efforts,” Grove added.

Kaseya also noted that it suspected REvil, a Russia-based hacking group, of paralyzing the company’s network. It is the same group blamed by the FBI for paralyzing meat packer JBS last month. Kaseya added that, having learned of the incident around midday on Friday, it immediately brought in forensic cybersecurity experts to begin a probe.

As a precautionary measure, the IT firm also contacted the Federal Bureau of Investigation (FBI) as well as the Cybersecurity and Infrastructure Security Agency (CISA), a branch of the US Department of Homeland Security. Shortly after, CISA issued its own advisory, likewise directing Kaseya's customers to shut down their VSA servers.

Following the security breach, Kaseya said only a small number of companies had potentially been affected. The company said it had shut down some of its own infrastructure and was urging customers who ran the tool on their premises to turn off their VSA servers immediately. Huntress Labs, however, put the number of affected companies at more than 200.

According to the analysis firm Chainalysis, ransomware gangs extorted more than $412 million in ransoms last year. A report from a task force of more than 60 experts said nearly 2,400 governments, healthcare systems, and schools in the United States were hit by ransomware in 2020.