There may be a leak in the software of the American company Kaseya, which is the cause of the large-scale ransomware attack that caused many companies to close on Saturday. ICT companies use this software to remotely manage client computer systems.
REvil Ransomware Club Used After hijacking Kaseya’s desktop management tool VSA, hackers can access thousands of systems. In this way, Trojan horses can be smuggled to many companies, including companies that have installed anti-ransomware software.Expert talk Supply chain attack.
The company has advised customers to take all VSA servers offline until Kaseya issues further instructions. The patch must be installed before the VSA can be restarted. Since Saturday, Kaseya VSA customers can use the inspection tool.
On Sunday afternoon Dutch time the company will meet more news. Later today, Kaseyo CEO Fred Voccola gave an interview with the American Breakfast Show Good Morning America.
Since the attack took place on the weekend, many companies have closed down, so it is difficult to estimate the extent of the damage at present. Kaseya, who works with the FBI, said that 40 of its customers were directly affected. Huntress Labs estimated on Saturday that thousands of small businesses may be affected.
Kaseya technology is also used by the Swedish company Visma Esscom, which in turn manages servers and devices for many Swedish companies. The Swedish supermarket chain Coop, which has a 20% market share, had to close all of its 800 stores on Saturday because the cash register was out of operation.
Hundreds of companies in the Netherlands may have fallen victim to major cyber attacks.In any case, it involves customers of the Waldenburg-based ICT company VelzArt, the report says weAmong them is the Udenhout technical service provider Hoppenbrouwers.
The Belgian Cyber Security Center still has Without notice Received from the cheated company, but this may be related to the weekend. The central government has issued a warning.
Mark Loman of the security company Sophos told NOS that the new attack is reminiscent of a similar attack that used NotPetya malware in 2017. The attack was carried out in a similar way, and the Danish transportation company Maersk and others lost about 200 million euros.
President Joe Biden has ordered his intelligence agency to investigate the matter. This seems to be the hacker who shut down the Brazilian meat giant JBS two months ago.
It is expected that measures will be taken in response to the attack. There have been speculations that ransomware may be banned, but Bitcoin payments may also be restricted.
Kevin Mandia, CEO of FireEye tell Last week, there was a direct link between the increase in ransomware attacks and the popularity of cryptocurrencies. “You can break in anonymously and get paid anonymously, 16,000 kilometers away from the safe haven.”
Colonial Pipeline even paid a $5 million ransom after its IT network was hacked. However, the FBI managed to recover some bitcoins because they possessed the private keys of the hackers’ bitcoin wallets.