Connect with us

Hi, what are you looking for?

Tech

New Ransomware Attack Targets key IT Vendor

US cyber officials are tracking a major new ransomware attack by the same group that hit meat supplier JBS Foodsthis spring

This time, the REvil malware has hit a wide range of IT management companies and compromised hundreds of their corporate clients.

The cybercriminal gang, which is believed to operate out of Eastern Europe or Russia, targeted a key software vendor known as Kaseya, whose products are widely used by IT management companies, cybersecurity experts said.

out at least a dozen IT support firms that rely on Kaseya’s remote management tool called VSA, said Kyle Hanslovan, CEO of the cybersecurity firm Huntress Labs. In at least one case, Hanslovan said, the attackers demanded a ransom of $5 million.

The incident not only affects the IT management companies, but also those companies’ corporate clients that have outsourced IT management to them, Hanslovan said. He estimated that as many as 1,000 small-to-medium sized businesses may be affected by the hack.

“This is only three and a half hours old, so this is very new, and we don’t know the scale yet,” Hanslovan said.

In recent months, cybercriminals have increasingly targeted organizations that play critical roles across broad swaths of the US economy. A high-profile attack against Colonial Pipeline in May disrupted fuel shipments to gas stations all along the east coast, prompting widespread panic buying. The JBS cyberattack led to a temporary shutdown of all nine of its US beef processing plants.

The latest, rapidly unfolding attack prompted alarm among cybersecurity experts.

“If you use Kaseya VSA, shut it down *now* until told to reactivate and initiate [incident response],” tweeted Christopher Krebs, former director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency. In its own advisory, CISA said it is working to understand and address the issue.

In a blog post, Kaseya said it has shut down its cloud servers as it investigates the VSA incident.

“We are investigating a potential attack against the VSA that indicates to have been limited to a small number of our on-premises customers only,” Kaseya said. “We have proactively shut down our SaaS servers out of an abundance of caution.”

An analysis of the malicious software by the cybersecurity firm Emsisoft shows that it was created by REvil, the ransomware gang that US officials have said compromised JBS Foods.

Meanwhile, three of the compromised IT service providers are among Huntress Labs’ own cybersecurity clients, Hanslovan said.

“We have direct knowledge of it now and we have confirmed it is indeed REvil,” Hanslovan said.

As many as 200 of the three affected IT service providers’ customers have been compromised by the malware, Hanslovan said.

embedded in Kaseya VSA, which helped spread the malicious software because VSA is used by IT management firms to distribute software updates to their customers, Hanslovan said. It is unclear how Kaseya’s software was first compromised.

This supply chain-style attack is similar to the tactic used by Russian hackers in the SolarWinds compromise, though in this case the malicious software was used to hijack victim networks rather than to spy on them. CNN

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

ad

You May Also Like

News

Federal Government has announced a free train ride for any Nigerian citizen wishing to travel to celebrate the Christmas festivities. Mohammed Idris, Minister of...

Politics

Senate has initiated steps to prohibit the use of foreign currencies for payments and transactions within the country. The proposed legislation, aimed at ensuring...

News

ESET, a global leader in digital security, has provided insights on the rising threat of online scams. In a significant operation earlier in the...

Sports

Super Eagles of Nigeria winger, Ademola Lookman has been named the African Player of the Year at the prestigious 2024 Confederation of African Football...