A ransomware attack paralyzed the networks of at least 200 US companies on Friday, said a cybersecurity researcher whose company was responding to the incident.
The REvil gang, a major Russian-speaking ransomware syndicate, appears to be behind the attack, said John Hammond of the security firm Huntress Labs Inc.
He said the criminals targeted a software supplier called Kaseya, using its network management package as a conduit to spread the ransomware through cloud service providers.
Other researchers agreed with Hammond’s assessment.
“Kaseya handles large enterprise all the way to small businesses globally, so ultimately, [this] has the potential to spread to any size or scale business,” Hammond said in a direct message on Twitter. “This is a colossal and devastating supply chain attack.”
Such cyberattacks typically infiltrate widely used software and spread malware as it automatically updates.
It was not immediately clear how many Kaseya customers might be affected or who they might be.
Kaseya urged customers in a statement on its Web site to immediately shut down servers running the affected software.
It said the attack was limited to a “small number” of its customers.
Brett Callow, a ransomware expert at cybersecurity firm Emsisoft Ltd, said he was unaware of any previous ransomware supply-chain attack on this scale.
There have been others, but they were fairly minor, he said.
“This is SolarWinds with ransomware,” he said.
He was referring to a Russian cyberespionage hacking campaign discovered in December last year that spread by infecting network management software to infiltrate US federal agencies and scores of companies.
Cybersecurity researcher Jake Williams, president of Rendition Infosec, said he was already working with six companies hit by the ransomware.
It is no accident that this happened before the Fourth of July holiday weekend in the US, when IT staffing is generally thin, he added.
“There’s zero doubt in my mind that the timing here was intentional,” he said.
Hammond said he was aware of four managed-services providers — companies that host IT infrastructure for multiple customers — being hit by the ransomware, which encrypts networks until the victims pay off attackers.
He said thousands of computers were hit.
“We currently have three Huntress partners who are impacted with roughly 200 businesses that have been encrypted,” Hammond said.
Hammond wrote on Twitter: “Based on everything we are seeing right now, we strongly believe this [is] REvil/Sodinokibi.”
The FBI linked the same ransomware provider to a May attack on JBS SA, a major global meat processor.
The White House and the US Cybersecurity and Infrastructure Security Agency did not immediately return messages seeking comment.