Currently, it is difficult to estimate the true scope of an attack using “ransomware,” a type of software that paralyzes a company’s computer systems and then demands a ransom to unlock them.
Kaseya stated that the incident was in its VSA program and confirmed that it was able to limit it to “less than 40 clients worldwide”. But these clients in turn provide services to other companies, allowing hackers to double their attack.
According to computer security company Huntress Labs, “more than 1,000 companies” have been affected by this ransomware.
“Based on the number of IT (Information Technology) service providers asking us for help and the feedback we see on this topic, it is reasonable to believe that it could impact thousands of small businesses,” notes Huntress Labs in a Reddit forum post.
“We don’t have data at this time on the number of companies affected,” said Brett Callow, a cybersecurity expert at Emsisoft. But the scale of the attack may be “unprecedented”.
Miami-based Kaseya, which claims to have more than 40,000 customers, offers IT tools to businesses, including VSA software for managing network servers, computers, and printers from a single source.
– Authorities note –
Ransomware attacks have become frequent, and the United States has been hit particularly hard in recent months with operations against large companies such as meat giant JBS and pipeline operator Colonial Pipeline, as well as local communities and hospitals.
Many experts believe that the hackers behind these attacks are usually from Russia. Moscow, suspected of covering up or even being linked to their activities, denies any involvement.
But the phenomenon is growing so dramatically that it was one of the main points US President Joe Biden raised during his mid-June meeting with his Russian counterpart Vladimir Putin.
“The first thought was that it’s not the Russian government, but we’re not sure,” said Biden, who on Saturday ordered an investigation.
“This latest ransomware attack affecting hundreds of companies is a reminder to the United States government, which must fight these groups of foreign cybercriminals,” said Christopher Roberti, director of cybersecurity at the US Chamber of Commerce.
Eric Goldstein, an executive at the US Cybersecurity and Infrastructure Security Agency (CISA), said the agency is “closely monitoring the situation.”
“We are working with Kaseya and coordinating with the FBI to find victims” of the ransomware, he added in a letter sent to AFP.
The nature of the attack is similar to that suffered by software publisher SolarWinds, which affected US government organizations and companies in late 2020.
The latter attack, which Washington attributes to Russian intelligence services, was rather “in the logic of espionage, while here we are in the logic of extortion,” said Gérôme Billois, a cybersecurity expert at consultancy Wavestone.
Huntress Labs has confirmed that, based on the methods used, the type of ransomware and the internet address provided, the hackers are part of the group known as REvil or Sodinokibi.
The FBI attributed the attack on JBS in late May to that group.
Alfred Saikali of the law firm Shook, Hardy & Bacon, who used to deal with these kinds of situations, said the cyber attack on Kaseya was “one of the most significant and comprehensive I’ve seen in my career.”
He stressed that in general, it is advised not to pay the ransom. But sometimes, especially when the data can’t be backed up, “there is no other choice.”
Brett Callow said that if multiple companies opted to pay, it was not certain that the hacker group “has the ability to handle simultaneous conversations.”
With information from Reuters and Agence France-Presse