At least 200 American companies have been hit by a new ransomware attack, setting off alarm bells among US cybersecurity officials who have been increasingly rattled by a new wave of cyberattacks targeting broad sectors of the US economy.
The cyberattack, which is suspected to have been launched by the same group that hit meat supplier JBS Foods this spring, infiltrated a major software company called Kaseya and compromised hundreds of its IT management clients.
“Kaseya handles large enterprise all the way to small businesses globally, so ultimately, (this) has the potential to spread to any size or scale business,” John Hammond of the security firm Huntress Labs said in a message on Twitter. “This is a colossal and devastating supply chain attack.”
The cyberattackers, whom US cybersecurity experts said likely operated out of Russia, managed to smuggle ransomware onto the network platform of Kaseya, whose signature VSA software is widely used by IT management companies and other businesses around the world.
Kaseya said Friday evening that it had limited the attack to “a very small percentage of our customers.” Kaseya describes itself as a leading provider of IT and security management services to small and medium-sized businesses.
At least a dozen IT management firms that rely on VSA software have already been knocked out, leaving their corporate clients vulnerable.
Kyle Hanslovan, CEO of Huntress Labs, told CNN that he estimated that as many as 1,000 small-to-medium sized businesses may be affected by the hack. He added that at least in one case, the cybercriminals had demanded a ransom of $5 million.
In recent months, organizations that play critical roles across broad swaths of the US economy have been targeted by cyberattacks.
More recently, cybercriminals took down Colonial Pipeline in May and disrupted fuel shipments to gas stations all along the US east coast. About a month later, the cyberattack against JBS, the world’s largest meat processing company, prompted a temporary shutdown of all nine of its plants in the United States.
The latest, rapidly unfolding ransomware attack has also alarmed US cybersecurity experts.
“If you use Kaseya VSA, shut it down *now* until told to reactivate and initiate [incident response],” tweeted Christopher Krebs, former director of the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency.
According to US cybersecurity experts and the New Zealand government's Computer Emergency Response Team, the cybercriminals were affiliated with a hacking group known as REvil, the same group behind the JBS attack.