A ransomware attack on a US IT company potentially targeted 1,000 businesses, researchers said on Saturday, with one of Sweden’s biggest supermarket chains revealing it had to temporarily close about 800 stores after losing access to its checkouts.
Kaseya on Friday evening said that it had limited the attack to “a very small percentage of our customers” who use its signature VSA software — “currently estimated at fewer than 40 worldwide.”
However, cybersecurity firm Huntress Labs said in a Reddit forum that it was working with partners targeted in the attack, and that the software was manipulated “to encrypt more than 1,000 companies.”
Russian-based hackers have been blamed for a string of ransomware attacks, and US President Joe Biden has raised the threat in talks with Russian President Vladimir Putin.
Biden on Saturday ordered a full investigation, while adding that “the initial thinking was it was not the Russian government, but we’re not sure yet.”
Brett Callow, an analyst for cybersecurity company Emsisoft, said that it remained unknown how many companies were affected and that the scale of the attack could be “without precedent.”
Ransomware attacks typically involve locking away data in systems using encryption, making companies pay to regain access.
Kaseya describes itself as a leading provider of IT and security management services to small and medium-sized businesses.
VSA, the company’s flagship offering, is designed to let companies manage networks of computers and printers from a single point.
“One of our subcontractors was hit by a digital attack, and that’s why our checkouts aren’t working any more,” Coop Sweden, which accounts for about 20 percent of the country’s supermarket sector, said in a statement.
“We regret the situation and will do all we can to reopen swiftly,” the cooperative added.
Coop Sweden did not name the subcontractor or reveal the hacking method used against it.
However, the Swedish subsidiary of the Visma software group said the problem was linked to the Kaseya attack.
Kaseya became aware of a possible incident with VSA at midday on Friday on the US east coast and “immediately shut down” its servers as a “precautionary measure,” it said.
It also “notified our on-premises customers via email, in-product notes, and phone to shut down their VSA servers to prevent them from being compromised.”
SOURCE IDENTIFIED
“We believe that we have identified the source of the vulnerability and are preparing a patch to mitigate it,” the company said in a statement.
According to the New Zealand government’s Computer Emergency Response Team, the attackers were from a hacking group known as REvil.
REvil was also, according to the FBI, behind last month’s attack on JBS, one of the world’s biggest meat processors, which ended with the Brazil-based company paying bitcoin worth US$11 million to the hackers.
The US Cybersecurity and Infrastructure Security Agency said that it was “taking action to understand and address the recent supply-chain ransomware attack” against Kaseya VSA and the service providers using its software.
“This is one of the largest, most widespread ransomware attacks I’ve seen in my career,” said Alfred Saikali of law firm Shook, Hardy & Bacon.
“I have never seen this many companies hire us in a single day for the same incident. As a general rule, you want to avoid paying the ransom at all costs,” he said.