Ransomware attack on Kaseya, a software firm, threatens businesses worldwide – CNET


Following recent ransomware attacks that took down a major gas pipeline and a major meat producer in the US, a new assault has surfaced, this time hitting a Miami-based company that provides tech-management tools to organizations worldwide. Hundreds of companies, including a railway, pharmacy chain and grocery chain in Sweden, have reportedly been affected by the attack on software company Kaseya, which posted alerts to its site Friday and Saturday.

“We have been advised by our outside experts, that customers who experienced ransomware and receive communication from the attackers should not click on any links — they may be weaponized,” the company said in its most recent alert, adding that it’s working with the FBI to address the cyberattack.

The attack involves a Kaseya product called VSA, which among other things lets small and medium-size businesses monitor their computer systems remotely and automatically take care of routine server maintenance and security updates.

Fewer than 40 customers had been affected by the cyberattack, the company’s CEO told The New York Times, but some of those are managed service providers, which can supply IT tools to hundreds of businesses. The Times said one of Sweden’s largest grocery chains, Coop, had to close at least 800 of its stores due to the attack. Kaseya says more than 40,000 organizations worldwide use at least one of its products, though not necessarily the VSA offering.

Ransomware attacks, where hackers breach systems and hold networks and data for ransom, have become an increasingly alarming phenomenon. Last month, one of the US’ biggest meat producers, JBS, paid an $11 million ransom in an attack that temporarily knocked out its processing plants. And in May, Colonial Pipeline revealed it had to shut down the main pipeline carrying gas to the US’ densely populated East Coast due to an attack. Colonial paid the hackers a $4.4 million ransom, though the Department of Justice later said it had recovered part of the payment. Some of the victims in the Kaseya VSA attack were seeing demands for $5 million in ransom, the Times reported.

Apart from the financial impact, such attacks, which have also hit hospitals, banks and city governments, have raised concern about the vulnerability of critical infrastructure. Shortly after the Colonial Pipeline attack was revealed, US President Joe Biden signed an executive order aimed at improving US cybersecurity defenses. The Biden administration also said it planned to launch a task force aimed at cracking down on hackers who use ransomware.

And in Biden’s summit last month with Russian President Vladimir Putin, one of the main topics of discussion was cyberattacks on critical infrastructure, whether launched by nation-states or hacking gangs within their boundaries. The Wall Street Journal reported that REvil, the same hacking group behind the attack on meat producer JBS, was responsible for the VSA cyberattack. On Saturday, Reuters also reported that a security firm believed Russia-linked REvil was responsible. The news agency said Biden has directed intelligence agencies to look into the matter.

“The initial thinking was it was not the Russian government but we’re not sure yet,” Biden said, according to Reuters. “If it is either with the knowledge of and/or a consequence of Russia then I told Putin we will respond,” Biden said, referring to the earlier summit. Biden said he’d be briefed on the Kaseya attack on Sunday, the news agency added.

The Russian Embassy in Washington didn’t immediately respond to a request for comment.

Both Kaseya and the US Cybersecurity and Infrastructure Agency advised customers running the VSA software on their servers to shut those servers down. Asked for additional information on the VSA attack, Kaseya said it was sharing its latest updates on its website and via social media.