A ransomware attack paralyzed the networks of at least 200 US companies on Friday, said a cybersecurity researcher whose company was responding to the incident.
The REvil gang, a major Russian-speaking ransomware syndicate, appears to be behind the attack, said John Hammond of the security firm Huntress Labs Inc.
He said the criminals targeted a software supplier called Kaseya, using its network management package as a conduit to spread the ransomware through cloud service providers.
Other researchers agreed with Hammond’s assessment.
“Kaseya handles large enterprise all the way to small businesses globally, so ultimately, [this] has the potential to spread to any size or scale business,” Hammond said in a direct message on Twitter. “This is a colossal and devastating supply chain attack.”
Such cyberattacks typically infiltrate widely used software and spread malware as it automatically updates.
It was not immediately clear how many Kaseya customers might be affected or who they might be.
Kaseya urged customers in a statement on its Web site to immediately shut down servers running the affected software.
It said the attack was limited to a “small number” of its customers.
Brett Callow, a ransomware expert at cybersecurity firm Emsisoft Ltd, said he was unaware of any previous ransomware supply-chain attack on this scale.
There have been others, but they were fairly minor, he said.
“This is SolarWinds with ransomware,” he said.
He was referring to a Russian cyberespionage hacking campaign discovered in December last year that spread by infecting network management software to infiltrate US federal agencies and scores of companies.
Cybersecurity researcher Jake Williams, president of Rendition Infosec, said he was already working with six companies hit by the ransomware.
It is no accident that this happened before the Fourth of July holiday weekend in the US, when IT staffing is generally thin, he added.
“There’s zero doubt in my mind that the timing here was intentional,” he said.
Hammond said he was aware of four managed-services providers — companies that host IT infrastructure for multiple customers — being hit by the ransomware, which encrypts networks until the victims pay off attackers.
He said thousands of computers were hit.
“We currently have three Huntress partners who are impacted with roughly 200 businesses that have been encrypted,” Hammond said.
Hammond wrote on Twitter: “Based on everything we are seeing right now, we strongly believe this [is] REvil/Sodinokibi.”
The FBI linked the same ransomware provider to a May attack on JBS SA, a major global meat processor.
The White House and the US Cybersecurity and Infrastructure Security Agency did not immediately return messages seeking comment.