A ransomware attack paralyzed the networks of at least 200 US companies on Friday, said a cybersecurity researcher whose company was responding to the incident.
The REvil gang, a major Russian-speaking ransomware syndicate, appears to be behind the attack, said John Hammond of the security firm Huntress Labs Inc.
He said the criminals targeted a software supplier called Kaseya, using its network management package as a conduit to spread the ransomware through cloud service providers.
Other researchers agreed with Hammond’s assessment.
“Kaseya handles large enterprise all the way to small businesses globally, so ultimately, [this] has the potential to spread to any size or scale business,” Hammond said in a direct message on Twitter. “This is a colossal and devastating supply chain attack.”
Such cyberattacks typically infiltrate widely used software and spread malware as it automatically updates.
It was not immediately clear how many Kaseya customers might be affected or who they might be.
Kaseya urged customers in a statement on its Web site to immediately shut down servers running the affected software.
It said the attack was limited to a “small number” of its customers.
Brett Callow, a ransomware expert at cybersecurity firm Emsisoft Ltd, said he was unaware of any previous ransomware supply-chain attack on this scale.
There have been others, but they were fairly minor, he said.
“This is SolarWinds with ransomware,” he said.
He was referring to a Russian cyberespionage hacking campaign discovered in December last year that spread by infecting network management software to infiltrate US federal agencies and scores of companies.
Cybersecurity researcher Jake Williams, president of Rendition Infosec, said he was already working with six companies hit by the ransomware.
It is no accident that this happened before the Fourth of July holiday weekend in the US, when IT staffing is generally thin, he added.
“There’s zero doubt in my mind that the timing here was intentional,” he said.
Hammond said he was aware of four managed-services providers — companies that host IT infrastructure for multiple customers — being hit by the ransomware, which encrypts networks until the victims pay off attackers.
He said thousands of computers were hit.
“We currently have three Huntress partners who are impacted with roughly 200 businesses that have been encrypted,” Hammond said.
Hammond wrote on Twitter: “Based on everything we are seeing right now, we strongly believe this [is] REvil/Sodinokibi.”
The FBI linked the same ransomware provider to a May attack on JBS SA, a major global meat processor.
The White House and the US Cybersecurity and Infrastructure Security Agency did not immediately return messages seeking comment.