“It’s critical that you do this immediately, because one of the first things the attacker does is shut off administrative access to the VSA,” the company said.
The attack could hit a huge number of companies because VSA is used widely by organizations to keep an eye on their own networks.
The U.S. Cybersecurity and Infrastructure Security Agency urged companies in a statement to follow Kaseya’s advice and said it is “taking action to understand and address the recent supply-chain ransomware attack.”
Huntress Labs, a cybersecurity software company with clients that were affected by the attack, said it believes the hacking group REvil is behind the ransomware attack. That’s the same group that the FBI said was responsible for the attack on JBS Meats, which resulted in the company paying REvil $11 million in ransom.
Huntress Labs said they had found eight Managed Service Providers — companies that provide IT services to other companies on a contractual basis — that had been hit by the attack. Around 200 businesses that are served by these MSPs have been locked out of parts of their network, Huntress Labs said.
“It is absolutely the biggest non-nation state supply chain cyberattack that we’ve ever seen,” Allan Liska, a researcher with cybersecurity firm Recorded Future, said Friday. “And it’s probably the biggest ransomware attack we’ve seen, at least the biggest since WannaCry.”
The WannaCry computer worm affected hundreds of thousands of people in 2017. The National Security Agency eventually linked the North Korean government to the creation of the worm.
Ransomware attacks have been on the rise since late 2019, as hackers band together and form cybercriminal gangs to extort companies for payment. The attacks are often carried out by attackers in Russia and Eastern Europe, and involve hackers somehow gaining access to a company’s computer system using tactics such as sending “phishing” emails.
Once inside, cybercriminals will lock down parts of the companies’ networks, and demand payment to release them back to the owner.
It is still unclear exactly how hackers gained access to Kaseya’s system. The company has been a popular target of REvil, Liska said, likely because it serves so many other organizations as customers.