Massive Attack: 200+ US Organisations Hacked

More than 200 US businesses have been hit by a massive ransomware attack, according to researchers at cyber security software firm Huntress Labs.  They report that  cyber criminals are demanding $50,000 from smaller companies and $5 million from larger ones.  
 
In a replica of the devastating SolarWinds attack, the hack targeted Florida-based IT company Kaseya before spreading through corporate networks that use its software
 
With more than 40,000 organisations use Kaseya products, the company says, which includes VSA and other IT tools. The breach was timed to happen as companies across the US were clocking off for the long Independence Day weekend on 2nd July. Kaseya's website says it has a presence in over 10 countries and more than 10,000 customers and are in the process of investigating the root cause of this incident. 
 
In  recent statement, the CEO Kaseya confirmed that the company's Incident Response team realised they were being attacked and they closed-down their SaaS servers as a precautionary measure, despite not having received any reports of compromise from any SaaS or hosted customers. "..we immediately notified our on-premises customers via email, in-product notices, and phone to shut down their VSA servers to prevent them from being compromised. We then followed our established incident response process to determine the scope of the incident and the extent that our customers were affected."
 
Kaseya on alert to keep customers informed and to make any changes necessary to move forward. “Luckily this is July 4 holiday, which means a lot of customers are offline anyway...We are hoping this is all resolved in the next 48 hours.” Huntress Labs has clients who were affected by the attack, says it believes Russian-speaking hacking group REvil is behind the ransomware attack - the same group that the FBI said was responsible for other recent large scale attacks.
 
The US Cybersecurity and Infrastructure Agency (CISA),  said that it is taking action to understand and address the recent supply-chain ransomware attack against Kaseya VSA and the multiple managed service providers (MSPs) that employ VSA software. 
 
Kaseya said one of its applications that runs corporate servers, desktop computers and network devices might have been compromised in the attack. The company said it was urging customers that use its VSA tool to immediately shut down their servers. 

Kaseya say that they took swift actions to protect their customers:  

  • Immediately shut down our SaaS servers as a precautionary measure, even though we had not received any reports of compromise from any SaaS or hosted customers.
  • Immediately notified our on-premises customers via email, in-product notices, and phone to shut down their VSA servers to prevent them from being compromised.  
  • Followed an established incident response process to determine the scope of the incident and the extent that our customers were affected. 
  • Engaged our internal incident response team and leading industry experts in forensic investigations to help us determine the root cause of the issue.
  • Notified law enforcement and government cybersecurity agencies, including the FBI and CISA.  
Kaseya say that early indicators suggest that only a very small number of on-premises customers were affected, they took a conservative approach in shutting down the SaaS servers to ensure we protected our more than 36,000 customers to the best of our ability. They also say that they have received positive feedback from their customers about their rapid and proactive response. 
 
Kaseya:        CISA:     BBC:     Washington Post:       ZDNet:    CRN
 
You Might Also Read:
 
Negotiating Ransom: To Pay Or Not?:
 
« Ransomware Attack Protection
Artificial Intelligence Can Reduce Cyber Attacks »

Quartz Conference
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Frazer-Nash Consultancy

Frazer-Nash Consultancy

Frazer-Nash is a leading engineering, systems and technology company. Areas of expertise include information security and cyber security.

CIRT.ME

CIRT.ME

National Computer Incident Response Team of Montenegro.

Seceon

Seceon

Seceon OTM, is a cyber security advanced threat management platform that visualizes, detects, and eliminates threats in real time.

CyberWrite

CyberWrite

Cyberwrite was founded to provide underwriters around the world a unique and innovative Cyber Underwriting platform.

OneWelcome

OneWelcome

Onegini and iWelcome have merged to become OneWelcome, the largest European Identity Access Management Saas Vendor.

NovaTech

NovaTech

NovaTech products and services make the world’s power grids and essential process industries more reliable, efficient, sustainable and secure.

Tessian

Tessian

Tessian (formerly CheckRecipient) is a next-generation email security platform that helps enterprises counteract human error and significantly reduce the risk of data loss.

Abusix

Abusix

Abusix specializes in Internet security, network abuse handling, antispam and fraud prevention.

Intertrust Technologies

Intertrust Technologies

Intertrust Technologies invents, develops, and delivers technologies for trusted computing, digital privacy, and security.

Kymatio

Kymatio

Kymatio are pioneers in Artificial Intelligence applied to adaptive staff strengthening, cultural change and predictive internal risk analysis.

Optra Security

Optra Security

Optra Security specializes in information security with a focus on Application Security.

Secure Digital Solutions (SDS)

Secure Digital Solutions (SDS)

Secure Digital Solutions is a leading consulting firm in the business of information security providing cyber security program strategy, enterprise risk and compliance, and data privacy.

White Cloud Security

White Cloud Security

White Cloud is a cloud-based Application Trust-Listing security service that prevents unauthorized programs from running on your computers.

F1 Security

F1 Security

F1 Security provides a family of web security solutions including web application firewalls, web shell detection solutions, and web shell scanners.

Swish Data Corp.

Swish Data Corp.

Swish delivers when the problems are complex, requirements are difficult, and the mission is absolutely critical.

Clearnetwork

Clearnetwork

Clearnetwork specializes in managed cybersecurity solutions that enable both public and private organizations improve their security posture affordably.