‘Colossal and devastating’ ransomware attack targets hundreds of US companies, cyber researchers say
A ransomware attack appears to be underway against the remote IT management platform Kaseya, affecting many of its clients, the US cyber security agency said. Researchers blame the same hackers who went after the meatpacker JBS.
The US Cybersecurity and Infrastructure Security Agency (CISA) said on Friday evening it was “taking action to understand and address the recent supply-chain ransomware attack against Kaseya” and providers that employ their software.
Supply chain attack of Kaseya, commonly used in managed service provider environments in the United States, leading to mass ransomware event.Details in link and thread as they develop:https://t.co/YStENYMTdW— Kevin Beaumont (@GossiTheDog) July 2, 2021
Kaseya has taken their cloud service offline. It initially said 200 companies were affected, but later changed that to “a small number.” Neither the company nor CISA have said anything about how the hackers may have gained access.
John Hammond of the cybersecurity firm Huntress Labs said “thousands” of computers were affected. “We currently have three Huntress partners who are impacted with roughly 200 businesses that have been encrypted,” he said, calling it a “colossal and devastating supply chain attack.”
John Hammond, senior security researcher at Huntress Labs, on the Kaseya breach: ~200 companies that use Kaseya's tech had their networks encrypted by REvil (think of this as SolarWinds but with ransomware). "This is a colossal and devastating supply chain attack." pic.twitter.com/c9xDnrJw9f— Zack Whittaker (@zackwhittaker) July 2, 2021
Brett Callow, a ransomware expert at Emsisoft, told AP he was unaware of any previous ransomware attacks on the supply chain on this scale, calling it “SolarWinds with ransomware.”
While the US government has blamed last year’s SolarWinds breach on Russia – Moscow has denied any involvement, calling the insinuations “absurd” and “pathetic” – the Kaseya hack seemed to be the work of REvil, a group many US researchers have described as “Russian-speaking.”
“Based on everything we are seeing right now, we strongly believe this (is) REvil/Sodinikibi,” Hammond said.
REvil is a criminal syndicate the FBI blamed for the May ransomware attack on JBS, the Brazilian-based meat-packing conglomerate, which disrupted meat processing and deliveries in the US, Canada, and Australia. JBS admitted on June 10 that it had paid a $11 million ransom to the hackers in order to restore operations and prevent future disruptions.Also on rt.com Top US meat processor admits it paid $11 MILLION in bitcoin as ransom to hackers to prevent further disruptions
While the White House did not blame Russia for the JBS attack, White House Press Secretary Jen Psaki said that “responsible states do not harbour ransomware criminals” after the FBI pointed to REvil as the likely culprit behind the breach.
Cyber-sleuths also don’t believe the timing of the reported Kaseya hack was an accident. It came as the US was gearing up for a three-day weekend to celebrate the Independence Day holiday, and many companies as well as government agencies were closing up shop early.
“There’s zero doubt in my mind that the timing here was intentional,” Jake Williams of Rendition Infosec told AP.
Washington has repeatedly accused Moscow of either orchestrating cyberattacks on US infrastructure or “harboring criminal entities” that do so. Last month’s summit between US President Joe Biden and Russian President Vladimir Putin in Geneva prominently featured a discussion on hacking.Also on rt.com Cyberhack dispute: Russian diplomats say Moscow not behind attacks on US targets, but is itself constantly bombarded by Americans
On Friday morning, the Russian Embassy in Washington issued a statement noting that “constant attacks on critical infrastructure in Russia” are coming from US soil, and expressed hope the Americans would “abandon the practice of unfounded accusations and focus on professional work with Russian experts to strengthen international information security.”
Think your friends would be interested? Share this story!