Security firm says ransomware hit hundreds of US companies


WASHINGTON — A ransomware attack paralyzed the networks of at least 200 US companies on Friday, according to a cybersecurity researcher whose company intervened.

The REvil gang, a major Russian-speaking ransomware syndicate, appears to be behind the attack, said John Hammond of the security firm Huntress Labs. He said the criminals targeted a software supplier named Kaseya, using its network management package as a conduit to spread the ransomware through cloud service providers. Other researchers agreed with Hammond's evaluation.

“Kaseya covers large businesses globally to small businesses, so eventually (this) has the potential to expand into businesses of any size or scale,” Hammond said in a direct message on Twitter. “This is a massive and devastating supply chain attack.” These types of cyberattacks often infiltrate widely used software and spread malware as it updates automatically.

It was not immediately clear how many Kaseya customers may be affected or who they may be. In a statement on its website, Kaseya urged its customers to immediately shut down servers running the affected software. It said the attack was limited to “a small number” of customers.

Brett Callow, a ransomware specialist at cybersecurity firm Emsisoft, said he had never been aware of any ransomware supply chain attacks of this scale before. There were others, but they were quite small, he said.

“This is SolarWinds with ransomware,” he said. He was referring to a Russian cyberespionage hacking campaign that was discovered in December and spread by infecting network management software to infiltrate US federal agencies and numerous companies.

Cybersecurity researcher Jake Williams, head of Rendition Infosec, said he has already worked with six companies hit by the ransomware. It’s no coincidence that this happened before the 4th of July weekend, when IT staffing is often thin, he added.

“There is no doubt in my mind that the timing here was intentional,” he said.

Hammond, of Huntress, said he was aware of four managed service providers (companies that host IT infrastructure for multiple customers) being hit by the ransomware. He said thousands of computers were hit.

“We currently have three Huntress partners affected by nearly 200 encrypted businesses,” Hammond said.

Hammond wrote on Twitter: “Based on everything we’re seeing right now, we strongly believe this is REvil/Sodinikibi.” The FBI linked the same ransomware provider to a May attack on JBS SA, a major global meat processor.

The White House and the federal Cybersecurity and Infrastructure Security Agency did not immediately return messages seeking comment.

Bajak reported from Boston; O’Brien contributed from Providence, Rhode Island.


Copyright © 2021 Washington Times, LLC.

