A ransomware attack on a US IT company potentially targeted 1,000 businesses, researchers said on Saturday, with one of Sweden’s biggest supermarket chains revealing it had to temporarily close about 800 stores after losing access to its checkouts.
Kaseya on Friday evening said that it had limited the attack to “a very small percentage of our customers” who use its signature VSA software — “currently estimated at fewer than 40 worldwide.”
However, cybersecurity firm Huntress Labs said in a Reddit forum that it was working with partners targeted in the attack, and that the software was manipulated “to encrypt more than 1,000 companies.”
Russian-based hackers have been blamed for a string of ransomware attacks, and US President Joe Biden has raised the threat in talks with Russian President Vladimir Putin.
Biden on Saturday ordered a full investigation, while adding that “the initial thinking was it was not the Russian government, but we’re not sure yet.”
Brett Callow, an analyst for cybersecurity company Emsisoft, said that it remained unknown how many companies were affected and that the scale of attack could be “without precedent.”
Ransomware attacks typically involve locking away data in systems using encryption, making companies pay to regain access.
Kaseya describes itself as a leading provider of IT and security management services to small and medium-sized businesses.
VSA, the company’s flagship offering, is designed to let companies manage networks of computers and printers from a single point.
“One of our subcontractors was hit by a digital attack, and that’s why our checkouts aren’t working any more,” Coop Sweden, which accounts for about 20 percent of the country’s supermarket sector, said in a statement.
“We regret the situation and will do all we can to reopen swiftly,” the cooperative added.
Coop Sweden did not name the subcontractor or reveal the hacking method used against it.
However, the Swedish subsidiary of the Visma software group said the problem was linked to the Kaseya attack.
Kaseya became aware of a possible incident with VSA at midday on Friday on the US east coast and “immediately shut down” its servers as a “precautionary measure,” it said.
It also “notified our on-premises customers via email, in-product notes, and phone to shut down their VSA servers to prevent them from being compromised.”
SOURCE IDENTIFIED
“We believe that we have identified the source of the vulnerability and are preparing a patch to mitigate it,” the company said in a statement.
According to the New Zealand government’s Computer Emergency Response Team, the attackers were from a hacking group known as REvil.
REvil was also, according to the FBI, behind last month’s attack on JBS, one of the world’s biggest meat processors, which ended with the Brazil-based company paying bitcoin worth US$11 million to the hackers.
The US Cybersecurity and Infrastructure Security Agency said that it was “taking action to understand and address the recent supply-chain ransomware attack” against Kaseya VSA and the service providers using its software.
“This is one of the largest, most widespread ransomware attacks I’ve seen in my career,” said Alfred Saikali of law firm Shook, Hardy & Bacon.
“I have never seen this many companies hire us in a single day for the same incident. As a general rule, you want to avoid paying the ransom at all costs,” he said.
OPTIMISTIC: A Philippine Air Force spokeswoman said the military believed the crew were safe and were hopeful that they and the jet would be recovered A Philippine Air Force FA-50 jet and its two-person crew are missing after flying in support of ground forces fighting communist rebels in the southern Mindanao region, a military official said yesterday. Philippine Air Force spokeswoman Colonel Consuelo Castillo said the jet was flying “over land” on the way to its target area when it went missing during a “tactical night operation in support of our ground troops.” While she declined to provide mission specifics, Philippine Army spokesman Colonel Louie Dema-ala confirmed that the missing FA-50 was part of a squadron sent “to provide air support” to troops fighting communist rebels in
PROBE: Last week, Romanian prosecutors launched a criminal investigation against presidential candidate Calin Georgescu accusing him of supporting fascist groups Tens of thousands of protesters gathered in Romania’s capital on Saturday in the latest anti-government demonstration by far-right groups after a top court canceled a presidential election in the EU country last year. Protesters converged in front of the government building in Bucharest, waving Romania’s tricolor flags and chanting slogans such as “down with the government” and “thieves.” Many expressed support for Calin Georgescu, who emerged as the frontrunner in December’s canceled election, and demanded they be resumed from the second round. George Simion, the leader of the far-right Alliance for the Unity of Romanians (AUR), which organized the protest,
ECONOMIC DISTORTION? The US commerce secretary’s remarks echoed Elon Musk’s arguments that spending by the government does not create value for the economy US Secretary of Commerce Howard Lutnick on Sunday said that government spending could be separated from GDP reports, in response to questions about whether the spending cuts pushed by Elon Musk’s Department of Government Efficiency could possibly cause an economic downturn. “You know that governments historically have messed with GDP,” Lutnick said on Fox News Channel’s Sunday Morning Futures. “They count government spending as part of GDP. So I’m going to separate those two and make it transparent.” Doing so could potentially complicate or distort a fundamental measure of the US economy’s health. Government spending is traditionally included in the GDP because
Hundreds of people in rainbow colors gathered on Saturday in South Africa’s tourist magnet Cape Town to honor the world’s first openly gay imam, who was killed last month. Muhsin Hendricks, who ran a mosque for marginalized Muslims, was shot dead last month near the southern city of Gqeberha. “I was heartbroken. I think it’s sad especially how far we’ve come, considering how progressive South Africa has been,” attendee Keisha Jensen said. Led by motorcycle riders, the mostly young crowd walked through the streets of the coastal city, some waving placards emblazoned with Hendricks’s image and reading: “#JUSTICEFORMUHSIN.” No arrest
RSS