Kaseya suffered a ransomware attack, affecting a series of other technology companies

 286 total views

2021-07-03 04:12:59

A ransomware attack against the international information technology company Kaseya appears to have infected hundreds of small businesses involved.

On July 2, Kaseya revealed they were the victims of a “potential attack”, implying that the hacker had somehow hacked into users of the company’s VSA product. Kaseya warns customers to turn off VSA “immediately”.

While the company claims the attack only affected a “small number” of customers, given the vast coverage of Kaseya, the impact is sizable – potentially becoming one of the major ransomware attacks most in history.

Kaseya sells its products to companies known as managed service providers (MSPs) – companies that provide remote information technology services to small businesses that don’t have the resources or IT staff.

MSPs use Kaseya’s VSA cloud platform to help manage and send software updates to their customers, as well as to manage other user issues.

However, according to Record, a ransomware gang abuses the VSA by “using a malicious update” to infect “companies around the world.”

While it’s unclear the exact mechanism of the attack or how and when it happened, security experts say ransomware not only affects MSPs using VSA, but also their customers.

In other words, the ransomware appears to have hit hundreds of smaller businesses that use MSPs for IT support.

According to Gizmodo, three customers of Huntress Security Company using MSP and VSA were affected by the attack. The result could lead to 200 smaller businesses that rely on that MSP being attacked with encryption.

“We know of four MSPs – three in the US and one overseas – all customers affected,” said John Hammond, senior security expert at Huntress. I have evidence that it has spread via VSA to all MSP customers. Based on everything we have, we strongly believe the culprit is REvil/Sodinikibi.”

REvil is a well-known cybercriminal gang that has used ransomware to hunt down “lucky prey”, including Apple and Acer. This is also believed to be the gang that attacked the meat supplier JBS, successfully demanding a ransom of 11 million USD.

US cybersecurity watchdogs are investigating and resolving the incident related to the attack on Kaseya.

“CISA encourages companies to consider Kaseya’s recommendation and follow instructions to shut down VSA servers immediately,” CISA said.


#Kaseya #suffered #ransomware #attack #affecting #series #technology #companies

Leave a Reply

Your email address will not be published. Required fields are marked *