(New York) The US company Kaseya, which provides IT management tools to many companies, was the target of a cyberattack on Friday that led to ransom demands against many of its customers.
Kaseya said Friday night that it had limited the attack to a “very small percentage” of its customers who use the VSA software, “currently estimated at less than 40 in the world.”
Computer security firm Huntress Labs said today that 200 companies have been affected by ransomware.
Ransomware is a type of computer program that exploits security holes in the systems of a company or individual to encrypt and lock them, then demands a ransom to unlock them.
Kaseya became aware of a possible incident with its VSA software at noon on the East Coast of the United States, just before a holiday weekend extended through Monday.
“As a precaution”, it immediately shut down the servers dedicated to clients that use its remote services, which in principle are not at risk.
At the same time, it “immediately warned its customers with on-site software via email, in-software notice and over the phone to shut down the servers linked to the VSA so they are not compromised.”
“We believe that we have identified the source of the vulnerability and are preparing a patch,” the company said.
Based in Miami, Florida, Kaseya provides IT tools to small and medium-sized businesses, including the VSA tool, which lets them manage their network of servers, computers and printers from a single source. It claims more than 40,000 clients.
According to Huntress Labs, “about 200 companies have been encrypted.”
“Based on computer models, ransomware notes, and TOR URL, we strongly believe” that an affiliate of the hacking group known as REvil or Sodinokibi “is behind these intrusions,” says Huntress Labs in a message posted on the Reddit forum.
In early June, the FBI attributed to this group the cyberattack on the global meat giant JBS, which had paralyzed its activities in North America and Australia for several days.
The United States has been hit in recent months by a wave of ransomware attacks affecting large companies such as JBS and pipeline operator Colonial Pipeline, as well as local communities and hospitals.
Many of these attacks are attributed to Russia-based hacker groups operating with at least the tacit approval of the Kremlin.
The US Cybersecurity and Infrastructure Security Agency (CISA) said on its website on Friday that it was taking steps “to understand and address the recent ransomware attack” against Kaseya’s VSA tool and various vendors of IT management services that use it.
It “encourages companies to follow Kaseya’s advice, including immediately following its procedure for shutting down servers” related to Kaseya’s software.