© Reuters. Computer network equipment is seen in a server room in Vienna, Austria, October 25, 2018. REUTERS/Heinz-Peter Bader
Authors: Rafael Sartre and Joseph Men
WASHINGTON (Reuters) - Hundreds of U.S. companies were hit Friday by an extremely sophisticated ransomware attack that hijacked widely used technology management software from a Miami vendor called Kaseya.
The attackers changed a Kaseya tool called VSA, which is used by companies that manage small business technology. They then simultaneously encrypted the files of those providers' customers.
Security company Huntress said it is tracking eight hosting providers that have been used to infect approximately 200 customers.
Kaseya stated on its website that it is investigating a “potential attack” on the VSA, which IT professionals use to manage servers, desktops, network devices and printers.
It stated that in response, it shut down some infrastructure and urged customers who use VSA on their own premises to shut down their servers immediately.
John Hammond, a senior security researcher at Huntress, said in an email: “This is a huge and devastating supply chain attack,” referring to an increasingly prominent hacking technique in which hijacking one piece of software can compromise hundreds of users at once.
Hammond added that because Kaseya has access to all areas from large enterprises to small companies, “it has the potential to expand to enterprises of any size or scale.” Experts say that many hosting service providers use VSA, although their customers may not realize this.
Some employees of the service provider stated on the discussion board that their customers were hit before they were warned.
Reuters was unable to reach a Kaseya representative for further comment. Huntress stated that it believes the REvil ransomware group associated with Russia, the same group of actors accused by the FBI of paralyzing meat processor JBS last month, is responsible for the latest ransomware outbreak.
Demand a ransom
A private security director engaged in response work stated that the ransom demands accompanying the encryption range from a few thousand dollars to 5 million dollars or more.
The compromise of the update process marks a significant step up in sophistication from most ransomware attacks, which exploit security gaps such as common passwords without two-factor authentication.
An email sent to the hackers seeking comment was not immediately returned. The US Cybersecurity and Infrastructure Security Agency said in a statement that it is “acting to understand and resolve the recent supply chain ransomware attack on Kaseya’s VSA product.”
Supply chain attacks have risen to the top of the cybersecurity agenda since the United States accused hackers of acting on the instructions of the Russian government and tampering with network monitoring tools developed by Texas software company SolarWinds.
Kaseya’s products have 40,000 customers, but not all of them use the affected tools.