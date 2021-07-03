



FBI Headquarters in Washington, DC. The agency has been alerted to a new wave of ransomware attacks … [+] on American companies.

Corbis via Getty Images

Kaseya, whose VSA software platform is used by other tech companies to monitor and manage customers’ computer networks, has been the victim of a daring cyberattack. On July 2, the company issued a security advisory urging customers to immediately shut down versions of VSA running on their own servers. It also suspended its own cloud-based VSA service. The company is at the epicenter of a security crisis that combines two of the most devastating tactics currently deployed by hackers: supply chain attacks and ransomware. The first is to target companies whose software is widely used by other companies. Once inside the provider’s system, attackers use it as a starting point to gain access to its customers’ networks as well. Then, they install ransomware, which locks down victims’ data, only freeing them after a ransom payment has been made (usually in cryptocurrencies that cannot be found). Hackers targeting Kaseya managed to compromise her VSA platform and then use it as a jumping off point to find their way into other companies’ systems. Once inside, they deployed ransomware. It is still not clear exactly how much damage this cyber punch caused. In a security notice Posted on his website, Kaseya, who is US headquartered in Miami, said he currently believes the risk is limited to companies running VSA on their own servers rather than those using the cloud service it provides. Only a very small percentage of our customers have been affected, he added, currently estimated at less than 40 worldwide. The company’s consulting firm says it has more than 36,000 clients in total. < position="inread" progressive="" ad-id="article-0-inread" aria-hidden="true" role="presentation"/> Chain reaction However, some of the companies affected appear to be Managed Service Providers, or MSPs, that handle IT services, such as software upgrades and network monitoring, on behalf of a wide variety of other organizations. MSPs are popular targets for hackers, who use access to their systems and then gain access to those of MSP customers. Cybersecurity firm Huntress Labs said it believes eight MSPs have been compromised using the VSA platform and three it works with directly saw at least 200 customers in total affected by ransomware. The security company, which did not name the MSPs involved, believes a Russian-based hacking group known as REvil is behind the attack. In the statement posted on its website, Kaseya said she learned of a potential security incident around noon on Friday and quickly called forensic security experts to assist with her internal investigation and notified the FBI and the Cybersecurity Infrastructure. and Security Agency (CISA), which is part of the Department of Homeland Security. It has also issued advisory warnings to its customers. CISA said in a report published Friday evening that it is taking action to understand and resolve the recent supply chain ransomware attack against Kaseya VSA and the multiple Managed Service Providers (MSPs) that use the VSA software. He also urged organizations to follow Kaseyas’ instructions to shut down their own servers running the company’s software. Ransomware targets This new incident is the latest in a wave of ransomware attacks against U.S. companies, including meat-processing giant JBS and oil haulage company Colonial Pipeline, that have alarmed business and more high levels of government. The United States is also recovering from a supply chain attack on networking software company SolarWinds that compromised hundreds of systems of organizations, including businesses and government agencies. In a recent meeting with Vladimir Putin, President Joe Biden called on the Russian president to crack down on Russian-based groups involved in ransomware attacks and other cybercrimes.

