Massive Attack: 200+ US Organisations Hacked

More than 200 US businesses have been hit by a massive ransomware attack, according to researchers at cyber security software firm Huntress Labs. They report that cyber criminals are demanding $50,000 from smaller companies and $5 million from larger ones.
 
In a replica of the devastating SolarWinds attack, the hack targeted Florida-based IT company Kaseya before spreading through corporate networks that use its software.
 
More than 40,000 organisations use Kaseya products, which include VSA and other IT tools, the company says. The breach was timed to happen as companies across the US were clocking off for the long Independence Day weekend on 2nd July. Kaseya's website says it has a presence in over 10 countries and more than 10,000 customers, and the company is in the process of investigating the root cause of this incident.
 
In a recent statement, the CEO of Kaseya confirmed that the company's Incident Response team realised they were being attacked and closed down their SaaS servers as a precautionary measure, despite not having received any reports of compromise from any SaaS or hosted customers. "...we immediately notified our on-premises customers via email, in-product notices, and phone to shut down their VSA servers to prevent them from being compromised. We then followed our established incident response process to determine the scope of the incident and the extent that our customers were affected."
 
Kaseya is on alert to keep customers informed and to make any changes necessary to move forward. “Luckily this is July 4 holiday, which means a lot of customers are offline anyway... We are hoping this is all resolved in the next 48 hours.” Huntress Labs, which has clients who were affected by the attack, says it believes Russian-speaking hacking group REvil is behind the ransomware attack, the same group that the FBI said was responsible for other recent large scale attacks.
 
The US Cybersecurity and Infrastructure Agency (CISA) said that it is taking action to understand and address the recent supply-chain ransomware attack against Kaseya VSA and the multiple managed service providers (MSPs) that employ VSA software.
 
Kaseya said one of its applications that runs corporate servers, desktop computers and network devices might have been compromised in the attack. The company said it was urging customers that use its VSA tool to immediately shut down their servers. 

Kaseya say that they took swift actions to protect their customers:  

  • Immediately shut down our SaaS servers as a precautionary measure, even though we had not received any reports of compromise from any SaaS or hosted customers.
  • Immediately notified our on-premises customers via email, in-product notices, and phone to shut down their VSA servers to prevent them from being compromised.  
  • Followed an established incident response process to determine the scope of the incident and the extent that our customers were affected. 
  • Engaged our internal incident response team and leading industry experts in forensic investigations to help us determine the root cause of the issue.
  • Notified law enforcement and government cybersecurity agencies, including the FBI and CISA.  

Kaseya say that early indicators suggest that only a very small number of on-premises customers were affected, and that they took a conservative approach in shutting down the SaaS servers to ensure they protected their more than 36,000 customers to the best of their ability. They also say that they have received positive feedback from their customers about their rapid and proactive response.
 
Kaseya: CISA: BBC: Washington Post: ZDNet: CRN
 