Massive Attack: 200+ US Organisations Hacked

Uploaded on 2021-07-03 in TECHNOLOGY--Hackers, INTELLIGENCE--USA, GOVERNMENT-National, FREE TO VIEW

More than 200 US businesses have been hit by a massive ransomware attack, according to researchers at cyber security software firm Huntress Labs.  They report that  cyber criminals are demanding $50,000 from smaller companies and $5 million from larger ones.  
 
In a replica of the devastating SolarWinds attack, the hack targeted Florida-based IT company Kaseya before spreading through corporate networks that use its software
 
With more than 40,000 organisations use Kaseya products, the company says, which includes VSA and other IT tools. The breach was timed to happen as companies across the US were clocking off for the long Independence Day weekend on 2nd July. Kaseya's website says it has a presence in over 10 countries and more than 10,000 customers and are in the process of investigating the root cause of this incident. 
 
In  recent statement, the CEO Kaseya confirmed that the company's Incident Response team realised they were being attacked and they closed-down their SaaS servers as a precautionary measure, despite not having received any reports of compromise from any SaaS or hosted customers. "..we immediately notified our on-premises customers via email, in-product notices, and phone to shut down their VSA servers to prevent them from being compromised. We then followed our established incident response process to determine the scope of the incident and the extent that our customers were affected."
 
Kaseya on alert to keep customers informed and to make any changes necessary to move forward. “Luckily this is July 4 holiday, which means a lot of customers are offline anyway...We are hoping this is all resolved in the next 48 hours.” Huntress Labs has clients who were affected by the attack, says it believes Russian-speaking hacking group REvil is behind the ransomware attack - the same group that the FBI said was responsible for other recent large scale attacks.
 
The US Cybersecurity and Infrastructure Agency (CISA),  said that it is taking action to understand and address the recent supply-chain ransomware attack against Kaseya VSA and the multiple managed service providers (MSPs) that employ VSA software. 
 
Kaseya said one of its applications that runs corporate servers, desktop computers and network devices might have been compromised in the attack. The company said it was urging customers that use its VSA tool to immediately shut down their servers. 

Kaseya say that they took swift actions to protect their customers:  

  • Immediately shut down our SaaS servers as a precautionary measure, even though we had not received any reports of compromise from any SaaS or hosted customers.
  • Immediately notified our on-premises customers via email, in-product notices, and phone to shut down their VSA servers to prevent them from being compromised.  
  • Followed an established incident response process to determine the scope of the incident and the extent that our customers were affected. 
  • Engaged our internal incident response team and leading industry experts in forensic investigations to help us determine the root cause of the issue.
  • Notified law enforcement and government cybersecurity agencies, including the FBI and CISA.  
Kaseya say that early indicators suggest that only a very small number of on-premises customers were affected, they took a conservative approach in shutting down the SaaS servers to ensure we protected our more than 36,000 customers to the best of our ability. They also say that they have received positive feedback from their customers about their rapid and proactive response. 
 
Kaseya:        CISA:     BBC:     Washington Post:       ZDNet:    CRN
 
You Might Also Read:
 
Negotiating Ransom: To Pay Or Not?:
 
« Ransomware Attack Protection
Artificial Intelligence Can Reduce Cyber Attacks »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Absolute Software

Absolute Software

Absolute provides persistent endpoint security and data risk management solutions for mobile devices - computers, tablets, and smartphones.

OCERT

OCERT

OCERT is the National Computer Emergency Response Team of Oman.

CloudCodes Software

CloudCodes Software

CloudCodes is a cloud security solutions provider focused on providing cloud security solutions to enterprise customers.

Capita

Capita

Capita is a consulting, digital services and software business, providing end-to-end enterprise IT services and solutions focused around digital transformation and innovation.

ObjectSecurity

ObjectSecurity

ObjectSecurity is a leader in authorization policy automation. With OpenPMF, you can manage application security policies for access control and auditing.

Awen Collective

Awen Collective

Awen Collective develops software-based tools for performing Digital Forensics, Incident Response and Cyber-Crime Investigation.

Ubiq Security

Ubiq Security

Ubiq has developed a software solution that secures any type of data, on any device, anywhere, with nearly no impact to system performance or user experience.

QI ANXIN Technology Group

QI ANXIN Technology Group

QI ANXIN specializes in serving the cybersecurity market by offering next generation enterprise-class cybersecurity products and services to government and businesses.

Macquarie Telecom Group

Macquarie Telecom Group

Macquarie Telecom is Australia's datacentre, cloud, cyber security and telecom company for mid-large business and government customers.

Adarma Security

Adarma Security

Adarma are specialists in threat management including SOC design, build & operation.

iManage

iManage

iManage's intelligent, cloud-enabled, secure knowledge work platform enables organizations to uncover and activate the knowledge that exists inside their business.

Metabase Q

Metabase Q

Metabase Q protects you from financial and reputational losses with more efficient and intelligent cybersecurity, using the best worldwide in technologies, processes and specialists.

Cyber-Security Council Germany

Cyber-Security Council Germany

The German Cyber Security Council's objective is to consult businesses, government agencies and political decision-makers and to support them against cybercrime.

Sentar

Sentar

Sentar is a cyber intelligence company, applying advanced analytics and systems engineering expertise to protect our national security by securing mission-critical assets.

Semgrep

Semgrep

Semgrep is a fast, open-source, static analysis tool for profoundly improving software security and reliability.

Hexagon

Hexagon

Hexagon is a global leader in digital reality solutions. We are putting data to work to boost efficiency, productivity, quality and safety.