A massive ransomware attack has hit the United States. Hundreds of businesses are reported to have been affected, according to the Washington Post, but the real number may be much larger. On Friday night, hackers targeted the American information technology company Kaseya. The company confirmed that it had suffered a “sophisticated cyber attack” on VSA, a suite of tools used by IT departments to remotely manage and monitor computers. The company said only 40 customers were affected.
But since Kaseya software is used by large IT companies that provide contract services to hundreds of small businesses, the attack may have spread to thousands of victims. Kaseya has warned all of its approximately 40,000 customers to disconnect from the Kaseya software immediately. Cybersecurity firm Huntress Labs said it has tracked down 20 IT companies, known as managed service providers, that were affected. Huntress Labs said on Reddit that more than 1,000 of these companies’ customers, mostly small businesses, were affected by the hack.
“I wouldn’t be surprised if there are thousands of companies out there,” said Fabian Wosar, chief technology officer of Emsisoft, a company that provides software and consulting to help organizations defend against ransomware attacks. “We don’t know yet because of the long weekend in the US” for the Fourth of July holiday. Given the large number of companies potentially affected, the attack could be one of the largest in history. Researchers said that REvil, the same hacker group that attacked the meat processor JBS earlier this year, was responsible for the attack. The cyber attack could increase tensions between the United States and Russia, as it comes just weeks after US President Joe Biden met with Russian President Vladimir Putin in Geneva, warning him that the United States would hold Moscow responsible for cyber attacks from Russia.
Unlike in most ransomware attacks (ransomware is a type of malware that restricts access to the device it infects and demands a ransom payment to remove the restriction), REvil does not appear to have attempted to steal sensitive data before locking out its victims, Wosar said.
“We believe we have identified the source of the vulnerability and are preparing a patch to mitigate it,” said Kaseya CEO Fred Voccola. The researchers said the cybercriminals sent out two separate ransom demands on Friday, asking for $50,000 from smaller companies and $5 million from larger companies. Meanwhile, the US Cybersecurity and Infrastructure Security Agency is taking steps to deal with the attack.
Ransomware attacks increased dramatically in frequency and severity during 2020. A report by a task force of more than 60 experts stated that nearly 2,400 of the country’s governments, health systems and schools were affected by ransomware in 2020. Organizations paid attackers $412 million in ransom payments last year, according to analyst firm Chainalysis. After an attack on the Colonial Pipeline in May, the US government urged US companies to strengthen their cyber security.