Washington - A cyber attack paralyzed the networks of at least 200 US companies on Friday, according to a cybersecurity researcher whose company was responding to the incident.
John Hammond of security firm Huntress Labs said a group of Russian-speaking hackers who committed extortion using ransomware appeared to be behind the attack. As a conduit for spreading malware through cloud service providers. Other researchers agreed with Hammond’s assessment.
“Kaseya deals with large businesses and small businesses internationally, so this could eventually extend to any business size or scope,” Hammond said in a Twitter direct message. “This is a massive and devastating attack from outside sources,” he added.
Such third-party (or supply-chain) cyber attacks usually work by infiltrating widely used software and spreading malicious code, or malware, as that software is automatically updated.
It was not immediately clear how many Kaseya customers could be affected or who they might be. In a statement posted on its website, Kaseya urged its customers to immediately shut down the servers running the affected software. The company said the attack was limited to “a small number” of its agents.
Brett Callow, a ransomware expert at cybersecurity firm Emsisoft, said he was not aware of any previous third-party ransomware attack of this scale. He said there had been others, but smaller.
“It’s like SolarWinds with ransomware,” he said. He was referring to a Russian cyber-espionage campaign discovered in December that spread by infecting network management software to infiltrate US federal agencies and dozens of companies.
Cybersecurity researcher Jake Williams, president of Rendition Infosec, said he was already working with six companies affected by the ransomware. He added that it was no coincidence that this happened before the July 4 weekend, when IT staff is often scarce.
“I have no doubt that the timing was intentional,” he said.