A cyber attack paralyzed the networks of at least 200 US companies, according to a cybersecurity researcher whose company was responding to the incident.
REvil, a Russian-speaking ransomware extortion group, appears to have been behind Friday’s attack, said John Hammond of security firm Huntress Labs.
He commented that criminals targeted a software provider called Kaseya, using its network management suite as a conduit to spread malicious software through cloud service providers. Other researchers agreed with Hammond’s assessment.
“Kaseya handles large companies to small businesses internationally, so ultimately this has the potential to extend to any size or scale of business,” Hammond said in a direct message sent via Twitter. “This is a colossal and devastating outsourced attack,” he added.
Such third-party (or supply chain) cyberattacks typically infiltrate widely used software and spread malicious code, or malware, as they are automatically updated.
At the moment it was not clear how many Kaseya clients could be affected or who they might be. Kaseya urged its customers in a statement posted on its website to immediately shut down the servers running the affected software. It noted that the attack was limited to a “small number” of its clients.
Brett Callow, a ransomware expert at cybersecurity firm Emsisoft, said he was not aware of any previous third-party ransomware attacks on this scale. There have been others, but smaller, he said.
“This is like SolarWinds with ransomware,” he noted. He referred to a Russian cyber espionage campaign discovered in December that spread by infecting network management software to infiltrate US federal agencies and dozens of companies.
Cybersecurity researcher Jake Williams, president of Rendition Infosec, said he was already working with six companies affected by the ransomware. It is no coincidence that this happened before the July 4 holiday weekend, when IT staffing is often thin, he added.
“I have no doubt that the timing was intentional,” he said.