Maxi ransomware attack in the United States. Hundreds of companies would be affected, The Washington Post reports. But perhaps many more would have been affected. On Friday night, hackers targeted American information technology company Kasia. The company confirmed that it was vulnerable to a “sophisticated cyberattack” on its VSA software, a set of tools used by IT departments to remotely manage and monitor computers. The company said only 40 customers were affected.
But since Kasia’s software is used by large IT companies providing contract services to hundreds of small businesses, the hacking could spread to thousands of victims. Kaseya has warned its nearly 40,000 customers to immediately disconnect the Kasya software. Cyber security firm Huntress Labs said it tracked down 20 IT companies, known as managed services providers, that were affected. Customers of more than 1,000 of these companies, mostly small businesses, were affected by the hack, Huntress Labs said on Reddit.
“I wouldn’t be surprised if it were thousands of companies,” said Fabian Voser, chief technology officer at Emsisoft, a company that provides software and consulting to help organizations defend against ransomware attacks. “We do not know yet because of the long weekend in the United States” on the occasion of the 4th of July national holiday celebration. With a large number of companies potentially affected, this attack could prove to be one of the largest in history. The researchers argued that Reville, the same hacker group that attacked JBS Meet earlier this year, is responsible for the attack. The cyberattack could escalate tensions between the US and Russia, as it comes just weeks after US President Joe Biden met with Russian President Vladimir Putin in Geneva, who warned that the US would be responsible for cyber attacks from Russia. will be held responsible.
Unlike most ransomware attacks (a type of malware that restricts access to the device it infects, requiring a ransom to lift the ban) it doesn’t seem to have happened before Revil blocked its victims. Attempted to steal sensitive data, Voser said.
“We believe we have identified the source of the vulnerability and are preparing a patch to address it,” said Fred Vokola, CEO of Qiasa. Researchers said cybercriminals sent two separate ransom demands on Friday, demanding $50,000 from smaller companies and $5 million from larger companies. Meanwhile, the US Federal Cyber Security and Infrastructure Security Agency is taking steps to combat the attack.
The frequency and severity of ransomware attacks have increased significantly during 2020. A report by a task force of more than 60 experts said that around 2,400 governments, health systems and schools in the country were affected by ransomware in 2020. The organizations paid more than $412 million to the attackers. In the ransom payment last year, according to analyst firm Chainalysis. Following the attack on the Colonial Pipeline in May, the US government urged US companies to strengthen their cyber security.
