A ransomware attack hits hundreds of U.S. companies

According to a cybersecurity analyst whose organization was responding to the event, a ransomware attack halted the networks of at least 200 U.S. companies on Friday.

John Hammond of security firm Huntress Labs said the REvil gang, a large Russian-speaking ransomware group, appears to be behind the attack. He said the attackers targeted Kaseya, a software company, and used its network-management package to spread the ransomware through cloud-service providers. Other researchers echoed Hammond's assessment.

"Kaseya handles major enterprise all the way down to small businesses globally," Hammond stated in a Twitter direct message. "Ultimately, (this) has the ability to extend to any size or scale firm." "This is a massive and catastrophic attack on the supply chain."

Cyberattacks of this type usually infect widely used software and spread malware when that software updates itself.

It was unclear how many Kaseya customers would be affected or who they might be. A statement on Kaseya's website instructed customers to immediately shut down servers running the affected software. The company said the attack was limited to a "small number" of its customers.

Brett Callow, a ransomware expert at Emsisoft, said he had never heard of a ransomware supply-chain attack of this magnitude. Others have occurred, he added, but they were small in scale.

He explained, "This is SolarWinds plus malware." He was alluding to a Russian cyberespionage hacking campaign disclosed in December that infiltrated U.S. federal agencies and scores of firms by infecting network management software.