A ransomware attack paralyzed the networks of at least 200 US companies on Friday, said a cybersecurity researcher whose company was responding to the incident.
The REvil gang, a major Russian-speaking ransomware syndicate, appears to be behind the attack, said John Hammond of the security firm Huntress Labs Inc.
He said the criminals targeted a software supplier called Kaseya, using its network management package as a conduit to spread the ransomware through cloud service providers.
Other researchers agreed with Hammond’s assessment.
“Kaseya handles large enterprise all the way to small businesses globally, so ultimately, [this] has the potential to spread to any size or scale business,” Hammond said in a direct message on Twitter. “This is a colossal and devastating supply chain attack.”
Such cyberattacks typically infiltrate widely used software and spread malware as it automatically updates.
It was not immediately clear how many Kaseya customers might be affected or who they might be.
Kaseya urged customers in a statement on its Web site to immediately shut down servers running the affected software.
It said the attack was limited to a “small number” of its customers.
Brett Callow, a ransomware expert at cybersecurity firm Emsisoft Ltd, said he was unaware of any previous ransomware supply-chain attack on this scale.
There have been others, but they were fairly minor, he said.
“This is SolarWinds with ransomware,” he said.
He was referring to a Russian cyberespionage hacking campaign discovered in December last year that spread by infecting network management software to infiltrate US federal agencies and scores of companies.
Cybersecurity researcher Jake Williams, president of Rendition Infosec, said he was already working with six companies hit by the ransomware.
It is no accident that this happened before the Fourth of July weekend, a US national holiday when IT staffing is generally thin, he added.
“There’s zero doubt in my mind that the timing here was intentional,” he said.
Hammond said he was aware of four managed-services providers — companies that host IT infrastructure for multiple customers — being hit by the ransomware, which encrypts networks until the victims pay off attackers.
He said thousands of computers were hit.
“We currently have three Huntress partners who are impacted with roughly 200 businesses that have been encrypted,” Hammond said.
Hammond wrote on Twitter: “Based on everything we are seeing right now, we strongly believe this [is] REvil/Sodinikibi.”
The FBI linked the same ransomware provider to a May attack on JBS SA, a major global meat processor.
The White House and the US Cybersecurity and Infrastructure Security Agency did not immediately return messages seeking comment.