Hundreds Of US Companies Potentially Rocked By ‘Colossal’ Supply Chain Ransomware Attack
Hacking group REvil, which was behind attacks such as those on Acer in early 2021, has evidently returned in force, after approximately 200 U.S. businesses were hit by ransomware overnight. The ransomware has been found to have spread through software created by Florida-based IT company Kaseya, in what is another massive supply chain attack.
Yesterday, Kaseya reported at 4:00 pm EST that it was "experiencing a potential attack against the VSA," its remote monitoring and management tool. At the time, it recommended that VSA customers immediately shut down their servers until further notice, because one of the attacker's first actions after breaching a system was to disable administrative access to VSA.
At that point, both the Cybersecurity and Infrastructure Security Agency (CISA) and Kaseya began investigating the situation. After approximately six hours, the company reported that, while the investigation continued, it believed that only 40 customers worldwide had been affected. Initial estimates of affected customers came closer to 200, however, so it remains to be seen how wide-reaching this attack is.
Kaseya also provided an update today explaining that it is still looking into the situation, but the warning to keep VSA servers down until further notice remains. As for anyone who has been affected by the ransomware, outside experts for Kaseya suggest that if you receive communication from the threat actor, "you should not click on any links" as "they may be weaponized." The update also noted that we can expect a comprehensive report later today that will cover information about the incident and the recovery process.
While the situation is still developing by the hour, it is quite reminiscent of an attack in late 2020 by Russian-backed hacking group Nobelium. If you recall, the group successfully breached IT management and administration software SolarWinds, leading to a massive supply chain attack affecting thousands of organizations, including parts of the U.S. government. With this level of success in the SolarWinds attack, Dave Kennedy, founder of TrustedSec, explained that ransomware groups are taking note and that "we should continue to expect more of these supply chain attacks."
It is feared, however, that this increase in attacks has already begun, following the recent Colonial Pipeline ransomware incident that effectively crippled half of the eastern seaboard's fuel supply overnight. Coupled with the recent uptick in attacks such as the one on Kaseya, this does not make for a good security trajectory. Companies and governments alike need to invest in cybersecurity before something worse happens; it is now just a matter of when, not if.