Massive Attack: 200+ US Organisations Hacked

More than 200 US businesses have been hit by a massive ransomware attack, according to researchers at cyber security software firm Huntress Labs. They report that cyber criminals are demanding $50,000 from smaller companies and $5 million from larger ones.
 
In a replica of the devastating SolarWinds attack, the hack targeted Florida-based IT company Kaseya before spreading through corporate networks that use its software.
 
More than 40,000 organisations use Kaseya products, which include VSA and other IT tools, the company says. The breach was timed to happen as companies across the US were clocking off for the long Independence Day weekend on 2nd July. Kaseya's website says it has a presence in over 10 countries and more than 10,000 customers, and that the company is in the process of investigating the root cause of this incident.
 
In a recent statement, the CEO of Kaseya confirmed that the company's Incident Response team realised they were being attacked and closed down their SaaS servers as a precautionary measure, despite not having received any reports of compromise from any SaaS or hosted customers. "...we immediately notified our on-premises customers via email, in-product notices, and phone to shut down their VSA servers to prevent them from being compromised. We then followed our established incident response process to determine the scope of the incident and the extent that our customers were affected."
 
Kaseya is on alert to keep customers informed and to make any changes necessary to move forward. “Luckily this is July 4 holiday, which means a lot of customers are offline anyway... We are hoping this is all resolved in the next 48 hours.” Huntress Labs, which has clients who were affected by the attack, says it believes the Russian-speaking hacking group REvil is behind the ransomware attack, the same group that the FBI said was responsible for other recent large-scale attacks.
 
The US Cybersecurity and Infrastructure Agency (CISA) said that it is taking action to understand and address the recent supply-chain ransomware attack against Kaseya VSA and the multiple managed service providers (MSPs) that employ VSA software.
 
Kaseya said one of its applications that runs corporate servers, desktop computers and network devices might have been compromised in the attack. The company said it was urging customers that use its VSA tool to immediately shut down their servers. 

Kaseya say that they took swift actions to protect their customers:  

  • Immediately shut down our SaaS servers as a precautionary measure, even though we had not received any reports of compromise from any SaaS or hosted customers.
  • Immediately notified our on-premises customers via email, in-product notices, and phone to shut down their VSA servers to prevent them from being compromised.  
  • Followed an established incident response process to determine the scope of the incident and the extent that our customers were affected. 
  • Engaged our internal incident response team and leading industry experts in forensic investigations to help us determine the root cause of the issue.
  • Notified law enforcement and government cybersecurity agencies, including the FBI and CISA.  

Kaseya say that early indicators suggest that only a very small number of on-premises customers were affected, and that they took a conservative approach in shutting down the SaaS servers to ensure they protected their more than 36,000 customers to the best of their ability. They also say that they have received positive feedback from their customers about their rapid and proactive response.
 
Sources: Kaseya, CISA, BBC, Washington Post, ZDNet, CRN
 