A ransomware attack paralyzed the networks of at least 200 US companies on Friday, said a cybersecurity researcher whose company was responding to the incident.
The REvil gang, a major Russian-speaking ransomware syndicate, appears to be behind the attack, said John Hammond of the security firm Huntress Labs Inc.
He said the criminals targeted a software supplier called Kaseya, using its network management package as a conduit to spread the ransomware through cloud service providers.
Other researchers agreed with Hammond’s assessment.
“Kaseya handles large enterprise all the way to small businesses globally, so ultimately, [this] has the potential to spread to any size or scale business,” Hammond said in a direct message on Twitter. “This is a colossal and devastating supply chain attack.”
Such cyberattacks typically infiltrate widely used software and spread malware as it automatically updates.
It was not immediately clear how many Kaseya customers might be affected or who they might be.
Kaseya urged customers in a statement on its Web site to immediately shut down servers running the affected software.
It said the attack was limited to a “small number” of its customers.
Brett Callow, a ransomware expert at cybersecurity firm Emsisoft Ltd, said he was unaware of any previous ransomware supply-chain attack on this scale.
There have been others, but they were fairly minor, he said.
“This is SolarWinds with ransomware,” he said.
He was referring to a Russian cyberespionage hacking campaign discovered in December last year that spread by infecting network management software to infiltrate US federal agencies and scores of companies.
Cybersecurity researcher Jake Williams, president of Rendition Infosec, said he was already working with six companies hit by the ransomware.
It is no accident that this happened before the US national holiday Fourth of July weekend, when IT staffing is generally thin, he added.
“There’s zero doubt in my mind that the timing here was intentional,” he said.
Hammond said he was aware of four managed-services providers — companies that host IT infrastructure for multiple customers — being hit by the ransomware, which encrypts networks until the victims pay off attackers.
He said thousand of computers were hit.
“We currently have three Huntress partners who are impacted with roughly 200 businesses that have been encrypted,” Hammond said.
Hammond wrote on Twitter: “Based on everything we are seeing right now, we strongly believe this [is] REvil/Sodinikibi.”
The FBI linked the same ransomware provider to a May attack on JBS SA, a major global meat processor.
The White House and the US Cybersecurity and Infrastructure Security Agency did not immediately return messages seeking comment.
MISINFORMATION: The generated content tends to adopt China’s official stance, such as ‘Taiwan is currently governed by the Chinese central government,’ the NSB said Five China-developed artificial intelligence (AI) language models exhibit cybersecurity risks and content biases, an inspection conducted by the National Security Bureau (NSB) showed. The five AI tools are: DeepSeek, Doubao (豆包), Yiyan (文心一言), Tongyi (通義千問) and Yuanbao (騰訊元寶), the bureau said, advising people to remain vigilant to protect personal data privacy and corporate business secrets. The NSB said it, in accordance with the National Intelligence Services Act (國家情報工作法), has reviewed international cybersecurity reports and intelligence, and coordinated with the Ministry of Justice Investigation Bureau and the National Police Agency’s Criminal Investigation Bureau to conduct an inspection of China-made AI language
BOOST IN CONFIDENCE: The sale sends a clear message of support for Taiwan and dispels rumors that US President Donald Trump ‘sold out’ the nation, an expert said The US government on Thursday announced a possible sale to Taiwan of fighter jet parts, which was estimated to cost about US$330 million, in a move that an expert said “sends a clear message of support for Taiwan” amid fears that Washington might be wavering in its attitude toward Taipei. It was the first announcement of an arms sale to Taiwan since US President Donald Trump returned to the White House earlier this year. The proposed package includes non-standard components, spare and repair parts, consumables and accessories, as well repair and return support for the F-16, C-130 and Indigenous Defense Fighter aircraft,
CHECKING BOUNDARIES: China wants to disrupt solidarity among democracies and test their red lines, but it is instead pushing nations to become more united, an expert said The US Department of State on Friday expressed deep concern over a Chinese public security agency’s investigation into Legislator Puma Shen (沈伯洋) for “secession.” “China’s actions threaten free speech and erode norms that have underpinned the cross-strait ‘status quo’ for decades,” a US Department of State spokesperson said. The Chongqing Municipal Public Security Bureau late last month listed Shen as “wanted” and launched an investigation into alleged “secession-related” criminal activities, including his founding of the Kuma Academy, a civil defense organization that prepares people for an invasion by China. The spokesperson said that the US was “deeply concerned” about the bureau investigating Shen
‘TROUBLEMAKER’: Most countries believe that it is China — rather than Taiwan — that is undermining regional peace and stability with its coercive tactics, the president said China should restrain itself and refrain from being a troublemaker that sabotages peace and stability in the Indo-Pacific region, President William Lai (賴清德) said yesterday. Lai made the remarks after China Coast Guard vessels sailed into disputed waters off the Senkaku Islands — known as the Diaoyutai Islands (釣魚台) in Taiwan — following a remark Japanese Prime Minister Sanae Takaichi made regarding Taiwan. Takaichi during a parliamentary session on Nov. 7 said that a “Taiwan contingency” involving a Chinese naval blockade could qualify as a “survival-threatening situation” for Japan, and trigger Tokyo’s deployment of its military for defense. Asked about the escalating tensions
RSS