Breaking News
0
Ad-Free Version. Upgrade your Investing.com experience. Save up to 40% More details

Ransomware breach at Florida IT firm hits 200 businesses

EconomyJul 02, 2021 09:30PM ET
Saved. See Saved Items.
This article has already been saved in your Saved Items
 
© Reuters. Computer network equipment is seen in a server room in Vienna, Austria, October 25, 2018. REUTERS/Heinz-Peter Bader

By Raphael Satter and Joseph Menn

WASHINGTON (Reuters) -Hundreds of American businesses were hit Friday by an unusually sophisticated ransomware attack that hijacked widely used technology management software from a Miami-based supplier called Kaseya.

The attackers changed a Kaseya tool called VSA, used by companies that manage technology at smaller businesses. They then encrypted the files of those providers' customers simultaneously.

Security firm Huntress said it was tracking eight managed service providers that had been used to infect some 200 clients.

Kaseya said on its own website that it was investigating a "potential attack" on VSA, which is used by IT professionals to manage servers, desktops, network devices and printers.

It said it shut down some of its infrastructure in response and that it was urging customers that used VSA on their premises to immediately turn off their servers.

"This is a colossal and devastating supply chain attack," Huntress senior security researcher John Hammond said in an email, referring to an increasingly high profile hacker technique of hijacking one piece of software to compromise hundreds or thousands of users at a time.

Hammond added that because Kaseya is plugged in to everything from large enterprises to small companies "it has the potential to spread to any size or scale business." Many managed service providers use VSA, although their customers may not realize it, experts said.

Some employees at service providers said on discussion boards that their clients had been hit before they could get a warning to them.

Reuters was not able to reach a Kaseya representative for further comment. Huntress said it believed the Russia-linked REvil ransomware gang - the same group of actors blamed by the FBI for paralyzing meat packer JBS last month - was to blame for the latest ransomware outbreak.

DEMANDS FOR RANSOM

A private security executive working on the response effort said that ransom demands accompanying the encryption ranged from a few thousand dollars to $5 million or more.

The corruption of an update process shows a marked escalation in sophistication from most ransomware attacks, which take advantage of security loopholes such as common passwords without two-factor authentication.

An email sent to the hackers seeking comment was not immediately returned. In a statement, the U.S. Cybersecurity and Infrastructure Security Agency said it was "taking action to understand and address the recent supply-chain ransomware attack" against Kaseya's VSA product.

Supply chain attacks have crept to the top of the cybersecurity agenda after the United States accused hackers of operating at the Russian government's direction and tampering with a network monitoring tool built by Texas software firm SolarWinds.

Kaseya has 40,000 customers for its products, though not all use the affected tool.

Ransomware breach at Florida IT firm hits 200 businesses
 

Related Articles

Add a Comment

Comment Guidelines

We encourage you to use comments to engage with other users, share your perspective and ask questions of authors and each other. However, in order to maintain the high level of discourse we’ve all come to value and expect, please keep the following criteria in mind:  

  •            Enrich the conversation, don’t trash it.

  •           Stay focused and on track. Only post material that’s relevant to the topic being discussed. 

  •           Be respectful. Even negative opinions can be framed positively and diplomatically. Avoid profanity, slander or personal attacks directed at an author or another user. Racism, sexism and other forms of discrimination will not be tolerated.

  • Use standard writing style. Include punctuation and upper and lower cases. Comments that are written in all caps and contain excessive use of symbols will be removed.
  • NOTE: Spam and/or promotional messages and comments containing links will be removed. Phone numbers, email addresses, links to personal or business websites, Skype/Telegram/WhatsApp etc. addresses (including links to groups) will also be removed; self-promotional material or business-related solicitations or PR (ie, contact me for signals/advice etc.), and/or any other comment that contains personal contact specifcs or advertising will be removed as well. In addition, any of the above-mentioned violations may result in suspension of your account.
  • Doxxing. We do not allow any sharing of private or personal contact or other information about any individual or organization. This will result in immediate suspension of the commentor and his or her account.
  • Don’t monopolize the conversation. We appreciate passion and conviction, but we also strongly believe in giving everyone a chance to air their point of view. Therefore, in addition to civil interaction, we expect commenters to offer their opinions succinctly and thoughtfully, but not so repeatedly that others are annoyed or offended. If we receive complaints about individuals who take over a thread or forum, we reserve the right to ban them from the site, without recourse.
  • Only English comments will be allowed.

Perpetrators of spam or abuse will be deleted from the site and prohibited from future registration at Investing.com’s discretion.

Write your thoughts here
 
Are you sure you want to delete this chart?
 
Post
Post also to:
 
Replace the attached chart with a new chart ?
1000
Your ability to comment is currently suspended due to negative user reports. Your status will be reviewed by our moderators.
Please wait a minute before you try to comment again.
Thanks for your comment. Please note that all comments are pending until approved by our moderators. It may therefore take some time before it appears on our website.
Comments (5)
Investing Man
Investing Man Sep 07, 2021 12:19AM ET
Saved. See Saved Items.
This comment has already been saved in your Saved Items
Florida hurricanes every year are bound to wipe the facilities out anyway.
Bda Bnd
Bda Bnd Jul 29, 2021 12:00PM ET
Saved. See Saved Items.
This comment has already been saved in your Saved Items
could be false flag
Bda Bnd
Bda Bnd Jul 29, 2021 12:00PM ET
Saved. See Saved Items.
This comment has already been saved in your Saved Items
could be false flag just scape ghost on Russia
Ad Cline
Ad Cline Jul 05, 2021 12:23AM ET
Saved. See Saved Items.
This comment has already been saved in your Saved Items
Russian mafia is running the Russian government with Putin at its head. Putin is getting a piece of the action. Putin must be making a fortune and making the Biden look weak and foolish. Putin is a dictator and will lie cheat and steal if he thinks he can get away with it. he's ripped off the Russian people for 10s of billions of rubles. Putin is a corrupt, bloodthirsty psycopath he needs to be "neutralized".
Todd Gray
Todd Gray Jul 02, 2021 7:58PM ET
Saved. See Saved Items.
This comment has already been saved in your Saved Items
Alleged is right? They could be anybody, from anywhere. blaming the Russians for stuff goes back long, long time. I have know way of knowing what I read, or hear on the boobtube is true, or not.
Greek Fire
Greek Fire Jul 02, 2021 7:58PM ET
Saved. See Saved Items.
This comment has already been saved in your Saved Items
You are right. In places in Texas and Florida, it's likely actors in the companies themselves.
 
Are you sure you want to delete this chart?
 
Post
 
Replace the attached chart with a new chart ?
1000
Your ability to comment is currently suspended due to negative user reports. Your status will be reviewed by our moderators.
Please wait a minute before you try to comment again.
Add Chart to Comment
Confirm Block

Are you sure you want to block %USER_NAME%?

By doing so, you and %USER_NAME% will not be able to see any of each other's Investing.com's posts.

%USER_NAME% was successfully added to your Block List

Since you’ve just unblocked this person, you must wait 48 hours before renewing the block.

Report this comment

I feel that this comment is:

Comment flagged

Thank You!

Your report has been sent to our moderators for review
Disclaimer: Fusion Media would like to remind you that the data contained in this website is not necessarily real-time nor accurate. All CFDs (stocks, indexes, futures) and Forex prices are not provided by exchanges but rather by market makers, and so prices may not be accurate and may differ from the actual market price, meaning prices are indicative and not appropriate for trading purposes. Therefore Fusion Media doesn`t bear any responsibility for any trading losses you might incur as a result of using this data.

Fusion Media or anyone involved with Fusion Media will not accept any liability for loss or damage as a result of reliance on the information including data, quotes, charts and buy/sell signals contained within this website. Please be fully informed regarding the risks and costs associated with trading the financial markets, it is one of the riskiest investment forms possible.
Continue with Google
or
Sign up with Email