President Joe Biden has ordered U.S. intelligence agencies to investigate a complex ransomware attack that has left more than 1,000 companies worldwide in trouble, he told reporters on Saturday during a trip to Michigan to promote his infrastructure package.
In what is shaping up to be one of the largest ransomware attacks in history, hackers hijacked widely used management software from international IT company Kaseya to launch “malicious updates” and deploy their malware to “companies around the world,” according to a report.
Biden said “we are not sure” who was behind the attack on Friday. “The initial thought was that this was not the Russian government, but we are not sure yet.” He added that if the United States finds Russia to be the culprit, it will respond.
The culprit is suspected to be REvil, a notorious cybercriminal group believed to have ties to Russia. The group has previously gone after high-profile targets such as Apple and Acer, according to security company Huntress Labs. The group is also believed to be behind last month's successful attack on JBS, the world’s largest meat processing company, extorting $11 million in ransom from the company.
On Friday, Kaseya warned customers to shut down their VSA servers immediately after discovering a security incident involving the software. Kaseya uses its VSA cloud platform to manage and send software updates to the network devices of its customers (i.e., managed service providers, or MSPs), which in turn provide remote IT services to hundreds of small businesses that cannot perform these processes in-house.
The exact mechanism and scope of the attack remain to be determined, but security experts believe that the hackers used Kaseya’s VSA product to spread malware and encrypt the files of those providers' customers. Kaseya CEO Fred Voccola said in an update on Friday that the company believes it has found the source of the vulnerability and plans to “release a patch as soon as possible so that our customers can resume normal operations.” At the time, he said that fewer than 40 Kaseya customers were known to be affected.
However, considering how many of these customers may be MSPs, this may mean that hundreds of small businesses that rely on their services are at risk. Huntress, which has been tracking the attack publicly via Reddit, said it has determined that the servers and workstations of more than 1,000 companies have been encrypted as a result of the attack. One suspected victim, Swedish retailer Coop, closed at least 800 stores over the weekend after its systems went offline, the New York Times reports. John Hammond, a Huntress senior security researcher, told the media that hackers demanded a ransom of $5 million from some affected companies.
“This is a huge and devastating supply chain attack,” Hammond later said in a statement to Reuters. Supply chain attacks (in which hackers use a single piece of software to target hundreds or even thousands of users at the same time) are rapidly becoming a common technique for well-known cybercriminals. The SolarWinds hackers used a similar scheme to infect network management software used by several major federal agencies and companies in the United States.
In an update posted on Kaseya’s blog on Sunday morning, the company said it is working with the FBI and the Cybersecurity and Infrastructure Security Agency to resolve the situation and help affected customers.
“We are working on a phased recovery process for [software as a service] server farms, with restricted functions and higher security conditions (expected in the next 24-48 hours, but may change), on a geographic basis,” the company wrote. “More detailed information regarding restrictions, security situation changes and the time frame will be provided in the next communiqué later today.”
Kaseya added that it has provided a new “compromise detection tool” to the nearly 900 customers who requested it and is developing a private download site to give more customers access.