A ransomware attack paralyzed the networks of at least 200 US companies on Friday, said a cybersecurity researcher whose company was responding to the incident.
The REvil gang, a major Russian-speaking ransomware syndicate, appears to be behind the attack, said John Hammond of the security firm Huntress Labs Inc.
He said the criminals targeted a software supplier called Kaseya, using its network management package as a conduit to spread the ransomware through cloud service providers.
Other researchers agreed with Hammond’s assessment.
“Kaseya handles large enterprise all the way to small businesses globally, so ultimately, [this] has the potential to spread to any size or scale business,” Hammond said in a direct message on Twitter. “This is a colossal and devastating supply chain attack.”
Such cyberattacks typically infiltrate widely used software and spread malware as it automatically updates.
It was not immediately clear how many Kaseya customers might be affected or who they might be.
Kaseya urged customers in a statement on its Web site to immediately shut down servers running the affected software.
It said the attack was limited to a “small number” of its customers.
Brett Callow, a ransomware expert at cybersecurity firm Emsisoft Ltd, said he was unaware of any previous ransomware supply-chain attack on this scale.
There have been others, but they were fairly minor, he said.
“This is SolarWinds with ransomware,” he said.
He was referring to a Russian cyberespionage hacking campaign discovered in December last year that spread by infecting network management software to infiltrate US federal agencies and scores of companies.
Cybersecurity researcher Jake Williams, president of Rendition Infosec, said he was already working with six companies hit by the ransomware.
It is no accident that this happened before the Fourth of July holiday weekend in the US, when IT staffing is generally thin, he added.
“There’s zero doubt in my mind that the timing here was intentional,” he said.
Hammond said he was aware of four managed-services providers — companies that host IT infrastructure for multiple customers — being hit by the ransomware, which encrypts networks until the victims pay off attackers.
He said thousands of computers were hit.
“We currently have three Huntress partners who are impacted with roughly 200 businesses that have been encrypted,” Hammond said.
Hammond wrote on Twitter: “Based on everything we are seeing right now, we strongly believe this [is] REvil/Sodinokibi.”
The FBI linked the same ransomware provider to a May attack on JBS SA, a major global meat processor.
The White House and the US Cybersecurity and Infrastructure Security Agency did not immediately return messages seeking comment.