Ransomware breach at Florida IT company hits 200 companies, Reuters reports

© Reuters. Computer network equipment is seen in a server room in Vienna, Austria, on October 25, 2018. REUTERS/Heinz-Peter Bader
By Raphael Satter and Joseph Menn
WASHINGTON (Reuters) – Hundreds of U.S. companies were hit on Friday by an unusually sophisticated ransomware attack that hijacked widely used technology management software from a Miami-based vendor named Kaseya.
The attackers altered a Kaseya tool called VSA, which is used by companies that manage technology for small businesses. They then encrypted the files of those providers' clients at the same time.
The security company Huntress said it was tracking eight managed service providers that had been used to infect about 200 customers.
Kaseya said on its website that it was investigating a “potential attack” on VSA, which IT professionals use to manage servers, desktops, network devices and printers.
It responded by shutting down some infrastructure and urging customers who used VSA to shut down their servers immediately.
“It’s a colossal and destructive attack on the supply chain,” Huntress security chief researcher John Hammond said in an email, referring to the increasingly high-profile hacker technique of hijacking one piece of software to reach hundreds or thousands of users at once.
Hammond added that since Kaseya connects large companies to small businesses, “it has the potential to expand into businesses of any size or size.” Many managed service providers use VSA, even if customers don’t realize it, experts say.
Some service provider employees said on discussion boards that they contacted customers before receiving the warning.
Reuters was unable to reach a Kaseya representative for further comment. Huntress said it believed the Russian-affiliated REvil ransomware gang, the same group of actors accused by the FBI of paralyzing the meat packer JBS last month, was to blame for the latest ransomware outbreak.
RANSOM DEMANDS
A private security executive working on the response said the ransom demands accompanying the encryption ranged from thousands of dollars to $5 million or more.
The corruption of an update process marks a significant increase in sophistication compared with most ransomware attacks, which take advantage of security gaps such as common passwords without two-factor authentication.
An email sent to the hackers seeking comment was not immediately returned. In a statement, the U.S. Cybersecurity and Infrastructure Security Agency said it was “taking steps to understand and correct a new supply chain ransomware attack” against Kaseya’s VSA product.
Supply chain attacks have risen to the top of the cybersecurity agenda since hackers, accused by the United States of acting under a Russian government order, manipulated a network monitoring tool built by Texas-based software company SolarWinds.
Kaseya has 40,000 customers for its products, but not all of them use the affected tool.