Kaseya, an IT management software provider for MSPs and IT teams, confirmed it has been a victim of a sophisticated cyberattack over the Fourth of July holiday weekend.
According to a statement from Kaseya, about 60 Kaseya VSA product customers were affected by the attack. However, a cybersecurity researcher whose company was responding to the incident says it paralyzed the networks of at least 200 U.S. companies on Friday.
The REvil gang appears to be behind the attack, says John Hammond of the security firm Huntress Labs. The same gang is also linked to the May attack on the global meat processor JBS SA.
The criminals used Kaseya’s network-management package to spread the ransomware through cloud-service providers.
“Kaseya handles large enterprise all the way to small businesses globally, so ultimately, (this) has the potential to spread to any size or scale business,” Hammond said in a message on Twitter. “This is a colossal and devastating supply chain attack.”
Kaseya advised its customers to shut down the servers immediately and remain offline until further instructions from the company about when it is safe to restore operations.
A patch must be installed before restarting the VSA. Customers who experience ransomware and receive communications from the attackers are instructed not to click on any links, as they may be weaponized.
The company released a Compromise Detection Tool to search for indicators of the compromise. Over 2,000 customers have downloaded the tool since Friday.
Kaseya has met with the FBI/CISA to discuss systems and network hardening requirements prior to service restoration for both SaaS and other customers.
The attackers requested $70 million in bitcoin. It is not known if the ransom was paid.
The attack is speculated to have been intentionally timed for the Fourth of July weekend, when IT staffing is generally thin.
The Kaseya attack shows that hackers are becoming more strategic and targeting platforms like remote managed service providers that can take down multiple companies with one shot. IT managers should make sure their systems are secure.