Massive Kaseya Ransomware Attack On Businesses May Be Much Worse Than Previously Reported
Before the holiday weekend got underway, the REvil hacking group kicked off a massive supply chain attack involving remote management software company Kaseya. The Florida-based company reports that only 40 customers of its on-premises VSA remote monitoring tool have been affected. However, some of these 40 could be managed service providers who in turn serve hundreds of small businesses, which pushes the number of affected companies upwards of 1,000.
This morning, Kaseya provided an update on its progress, explaining that it is working on a plan to restore software-as-a-service server farms while all on-premises VSA servers should remain offline until further notice. Furthermore, a new “Compromise Detection Tool” was rolled out to 900 customers who requested it, leading us to believe that there is more than meets the eye here.
Over on Reddit, cybersecurity company Huntress Labs has had a thread running for several days as it tracks the spread of the ransomware attack. At present, it is estimated that 30 managed service providers or outsourced IT companies from across the US, AUS, EU, and Latin America have been attacked. Subsequently, more than 1,000 businesses under the MSPs’ umbrellas are reportedly encrypted as well. This growing list of companies includes the Swedish supermarket chain Coop, which has now shuttered 500 stores because its cash registers are no longer working.
At the time of writing, REvil, the group to which the attack is attributed, has not made any post or mention of the attack on its blog. But it may not be long before data makes its way out online. Alternatively, we hope that Kaseya and its security partners will be able to clean this mess up in due time. Whatever ends up happening, keep an eye on HotHardware for updates on the Kaseya supply chain attack.