Hundreds of US businesses hit by ‘colossal’ cyber-attack

Kaseya claims the attack hit only a few clients, but security firm Huntress Labs estimates the number is higher

Charlene Rodrigues
Saturday 03 July 2021 12:28 BST
“This is a colossal and devastating supply chain attack,” Huntress senior security researcher said. (AFP via Getty Images)

Nearly 200 businesses were hit on Friday by a “colossal” ransomware attack that targeted widely used software from Kaseya, a Miami-based supplier.

The US government’s Cybersecurity and Infrastructure Security Agency (CISA) said it is taking action to understand the recent supply-chain ransomware attack against Kaseya VSA.

The attackers changed a Kaseya tool called VSA, used by firms that manage technology at smaller businesses. They then encrypted the files of those providers’ customers simultaneously.

CISA urged organisations to review the Kaseya advisory and immediately follow its guidance to shut down VSA servers.

Security firm Huntress Labs said it was tracking eight managed service providers that had been used to infect some 200 clients. Kaseya said in a statement that only a very small percentage of customers were affected – estimated at fewer than 40 worldwide. Exact names of the companies hit by the attack are unknown.

“This is a colossal and devastating supply chain attack,” Huntress senior security researcher John Hammond said in an email, referring to an increasingly high-profile hacker technique of hijacking one piece of software to compromise hundreds or thousands of users at a time.

Hammond added that because Kaseya is plugged in to everything from large enterprises to small companies “it has the potential to spread to any size or scale business.”

Many managed service providers use VSA, although their customers may not realise it, experts said.

Huntress Labs said it believed the Russia-linked REvil ransomware gang was responsible - the same group the FBI accused of paralysing meat packer JBS and Acer earlier this year.

The attack took place on Friday afternoon, just as companies across the US were setting off for the long holiday weekend.

Kaseya’s website says it has a presence in over 10 countries and more than 10,000 customers.

Includes reporting by Reuters
