25/04/2024 5:55 AM

Tartufocracia


Ransomware group hits software provider

Cybersecurity firm ESET also revealed that victims of the attack were from at least 17 countries, including Canada, Argentina, Germany, Kenya, Mexico, South Africa, and the UK.

CBC News reported that the attack was carried out by the REvil gang, a Russian-speaking ransomware group. The group abused Kaseya’s network-management package as a conduit to spread the malware through cloud-service providers.

Threat intelligence firm Team Cymru also said that the ransomware attack was deliberately timed to coincide with the 4th of July celebrations in the US. Kaseya is based in Dublin, but has a US headquarters in Miami.

Meanwhile, Emsisoft has noted that some of the affected victims appear to be getting ransom demands from the hackers, set at US$45,000. While this is a relatively small amount compared to the sums REvil previously demanded, the cybersecurity firm noted that it adds up when considering the potential number of victims.

In a statement, Kaseya CEO Fred Voccola said that the company has identified the source of the vulnerability and will soon release a patch to address it. The CEO also said that fewer than 40 of its customers were known to be affected.

Experts, however, warn that the malware could still be affecting hundreds more companies that rely on Kaseya’s clients, which offer broader IT services.

Kaseya manages a virtual system administrator (VSA), which is used to remotely manage and monitor a customer’s network. The company has advised all its clients to shut down VSA servers immediately, a decision the US Cybersecurity and Infrastructure Security Agency has urged everyone to follow.

REvil was responsible for the cyberattack on meat processing company JBS in June. The attack was so debilitating that the company had to put its US, Canadian, and Australian operations on hold until it finally paid a ransom of US$11 million to the attackers.

 
