A ransomware attack paralyzed the networks of at least 200 US companies on Friday, said a cybersecurity researcher whose company was responding to the incident.
The REvil gang, a major Russian-speaking ransomware syndicate, appears to be behind the attack, said John Hammond of the security firm Huntress Labs Inc.
He said the criminals targeted a software supplier called Kaseya, using its network management package as a conduit to spread the ransomware through cloud service providers.
Other researchers agreed with Hammond’s assessment.
“Kaseya handles large enterprise all the way to small businesses globally, so ultimately, [this] has the potential to spread to any size or scale business,” Hammond said in a direct message on Twitter. “This is a colossal and devastating supply chain attack.”
Such cyberattacks typically infiltrate widely used software and spread malware as it automatically updates.
It was not immediately clear how many Kaseya customers might be affected or who they might be.
Kaseya urged customers in a statement on its Web site to immediately shut down servers running the affected software.
It said the attack was limited to a “small number” of its customers.
Brett Callow, a ransomware expert at cybersecurity firm Emsisoft Ltd, said he was unaware of any previous ransomware supply-chain attack on this scale.
There have been others, but they were fairly minor, he said.
“This is SolarWinds with ransomware,” he said.
He was referring to a Russian cyberespionage hacking campaign discovered in December last year that spread by infecting network management software to infiltrate US federal agencies and scores of companies.
Cybersecurity researcher Jake Williams, president of Rendition Infosec, said he was already working with six companies hit by the ransomware.
It is no accident that this happened before the US national holiday Fourth of July weekend, when IT staffing is generally thin, he added.
“There’s zero doubt in my mind that the timing here was intentional,” he said.
Hammond said he was aware of four managed-services providers — companies that host IT infrastructure for multiple customers — being hit by the ransomware, which encrypts networks until the victims pay off attackers.
He said thousand of computers were hit.
“We currently have three Huntress partners who are impacted with roughly 200 businesses that have been encrypted,” Hammond said.
Hammond wrote on Twitter: “Based on everything we are seeing right now, we strongly believe this [is] REvil/Sodinikibi.”
The FBI linked the same ransomware provider to a May attack on JBS SA, a major global meat processor.
The White House and the US Cybersecurity and Infrastructure Security Agency did not immediately return messages seeking comment.
As China waged extensive military exercises off Taiwan, a group of US defense experts in Washington was focused on their own simulation of an eventual — but for now entirely hypothetical — US-China war over the nation. The unofficial what-if game is being conducted on the fifth floor of an office building not far from the White House, and it posits a US military response to a Chinese invasion in 2026. Even though the participants bring a US perspective, they are finding that a US-Taiwan victory, if there is one, could come at a huge cost. “The results are showing that under
WRONG TIMING: The delegation’s trip has not only disappointed Taiwanese, but could send a wrong message to the global community, Tsai Ing-wen said Chinese Nationalist Party (KMT) Vice Chairman Andrew Hsia (夏立言) yesterday left with a delegation for a trip to China, drawing fire for visiting at a time when Beijing has been conducting intensive military drills to pressure Taiwan. Before boarding, he told reporters that the delegation would be visiting Taiwanese communities and students in China, and possibly meet with Chinese officials. The Mainland Affairs Council on Tuesday night said that it was not the right time for political party members to visit China, as Beijing has been conducting military exercises since Thursday last week. President Tsai Ing- wen (蔡英文), chairperson of the Democratic
‘HONORED’: The DPP’s Lin Fei-fan said friends working in the foreign media, the diplomatic corps and at think tanks congratulated him for making the sanctions list The Ministry of Foreign Affairs (MOFA) yesterday slammed China for sanctioning Representative to the US Hsiao Bi-khim (蕭美琴) and six other Taiwanese officials for being “diehard separatists,” saying its attempt to intimidate Taiwanese would backfire. China has no authority to dictate the actions of Taiwanese, because Taiwan is a democratic nation that upholds the rule of law, and would never yield to intimidation and threats from an authoritarian regime, ministry spokeswoman Joanne Ou (歐江安) told a news conference in Taipei. China’s state-run Xinhua news agency earlier yesterday reported that the Taiwan Work Office of the Chinese Communist Party Central Committee has imposed
ORDNANCE: Under a five-year plan, the Chungshan Institute would make about 200 Hsiung Feng II and III/IIIE, and Hsiung Sheng missiles, an official said The Ministry of National Defense plans to counter the Chinese navy by producing more than 1,000 anti-ship missiles over the next five years, a defense official familiar with the matter said yesterday. The comments came after China’s People’s Liberation Army Navy began a series of military drills in a simulated naval blockade of Taiwan proper following a visit to Taipei by US House of Representatives Speaker Nancy Pelosi. Although China has in the past few years rapidly produced many warships and added them to its navy, these large vessels are more suited for warfare on the open sea than in the narrow