Massive Attack: 200+ US Organisations Hacked

More than 200 US businesses have been hit by a massive ransomware attack, according to researchers at cyber security software firm Huntress Labs. They report that cyber criminals are demanding $50,000 from smaller companies and $5 million from larger ones.
 
In a replica of the devastating SolarWinds attack, the hack targeted Florida-based IT company Kaseya before spreading through corporate networks that use its software.
 
More than 40,000 organisations use Kaseya products, the company says, which include VSA and other IT tools. The breach was timed to happen as companies across the US were clocking off for the long Independence Day weekend on 2nd July. Kaseya's website says it has a presence in over 10 countries and more than 10,000 customers, and the company is in the process of investigating the root cause of this incident.
 
In a recent statement, the CEO of Kaseya confirmed that the company's Incident Response team realised they were being attacked and closed down their SaaS servers as a precautionary measure, despite not having received any reports of compromise from any SaaS or hosted customers. "...we immediately notified our on-premises customers via email, in-product notices, and phone to shut down their VSA servers to prevent them from being compromised. We then followed our established incident response process to determine the scope of the incident and the extent that our customers were affected."
 
Kaseya is on alert to keep customers informed and to make any changes necessary to move forward. “Luckily this is July 4 holiday, which means a lot of customers are offline anyway...We are hoping this is all resolved in the next 48 hours.” Huntress Labs, which has clients who were affected by the attack, says it believes the Russian-speaking hacking group REvil is behind the ransomware attack - the same group that the FBI said was responsible for other recent large scale attacks.
 
The US Cybersecurity and Infrastructure Agency (CISA) said that it is taking action to understand and address the recent supply-chain ransomware attack against Kaseya VSA and the multiple managed service providers (MSPs) that employ VSA software.
 
Kaseya said one of its applications that runs corporate servers, desktop computers and network devices might have been compromised in the attack. The company said it was urging customers that use its VSA tool to immediately shut down their servers. 

Kaseya say that they took swift actions to protect their customers:  

  • Immediately shut down our SaaS servers as a precautionary measure, even though we had not received any reports of compromise from any SaaS or hosted customers.
  • Immediately notified our on-premises customers via email, in-product notices, and phone to shut down their VSA servers to prevent them from being compromised.  
  • Followed an established incident response process to determine the scope of the incident and the extent that our customers were affected. 
  • Engaged our internal incident response team and leading industry experts in forensic investigations to help us determine the root cause of the issue.
  • Notified law enforcement and government cybersecurity agencies, including the FBI and CISA.

Kaseya say that early indicators suggest that only a very small number of on-premises customers were affected, and that they took a conservative approach in shutting down the SaaS servers to ensure they protected their more than 36,000 customers to the best of their ability. They also say that they have received positive feedback from their customers about their rapid and proactive response.
 
Kaseya: CISA: BBC: Washington Post: ZDNet: CRN
 