A ransomware attack paralyzed the networks of at least 200 US companies on Friday, said a cybersecurity researcher whose company was responding to the incident.
The REvil gang, a major Russian-speaking ransomware syndicate, appears to be behind the attack, said John Hammond of the security firm Huntress Labs Inc.
He said the criminals targeted a software supplier called Kaseya, using its network management package as a conduit to spread the ransomware through cloud service providers.
Other researchers agreed with Hammond’s assessment.
“Kaseya handles large enterprise all the way to small businesses globally, so ultimately, [this] has the potential to spread to any size or scale business,” Hammond said in a direct message on Twitter. “This is a colossal and devastating supply chain attack.”
Such cyberattacks typically infiltrate widely used software and spread malware as it automatically updates.
It was not immediately clear how many Kaseya customers might be affected or who they might be.
Kaseya urged customers in a statement on its Web site to immediately shut down servers running the affected software.
It said the attack was limited to a “small number” of its customers.
Brett Callow, a ransomware expert at cybersecurity firm Emsisoft Ltd, said he was unaware of any previous ransomware supply-chain attack on this scale.
There have been others, but they were fairly minor, he said.
“This is SolarWinds with ransomware,” he said.
He was referring to a Russian cyberespionage hacking campaign discovered in December last year that spread by infecting network management software to infiltrate US federal agencies and scores of companies.
Cybersecurity researcher Jake Williams, president of Rendition Infosec, said he was already working with six companies hit by the ransomware.
It is no accident that this happened before the Fourth of July holiday weekend in the US, when IT staffing is generally thin, he added.
“There’s zero doubt in my mind that the timing here was intentional,” he said.
Hammond said he was aware of four managed-services providers — companies that host IT infrastructure for multiple customers — being hit by the ransomware, which encrypts networks until the victims pay off attackers.
He said thousands of computers were hit.
“We currently have three Huntress partners who are impacted with roughly 200 businesses that have been encrypted,” Hammond said.
Hammond wrote on Twitter: “Based on everything we are seeing right now, we strongly believe this [is] REvil/Sodinokibi.”
The FBI linked the same ransomware provider to a May attack on JBS SA, a major global meat processor.
The White House and the US Cybersecurity and Infrastructure Security Agency did not immediately return messages seeking comment.