FRANK BAJAK, ERIC TUCKER and MATT O'BRIEN
A ransomware attack paralyzed the networks of at least 200 U.S. companies on Friday, according to a cybersecurity researcher whose company was responding to the incident.
The REvil gang, a major Russian-speaking ransomware syndicate, appears to be behind the attack, said John Hammond of the security firm Huntress Labs. He said the criminals targeted a software supplier called Kaseya, using its network-management package as a conduit to spread the ransomware through cloud-service providers. Other researchers agreed with Hammond’s assessment.
“Kaseya handles large enterprise all the way to small businesses globally, so ultimately, (this) has the potential to spread to any size or scale business,” Hammond said in a direct message on Twitter. “This is a colossal and devastating supply chain attack.”
Such cyberattacks typically infiltrate widely used software and spread malware as it updates automatically.
It was not immediately clear how many Kaseya customers might be affected or who they might be. Kaseya urged customers in a statement on its website to immediately shut down servers running the affected software. It said the attack was limited to a “small number” of its customers.
Brett Callow, a ransomware expert at the cybersecurity firm Emsisoft, said he was unaware of any previous ransomware supply-chain attack on this scale. There have been others, but they were fairly minor, he said.
“This is SolarWinds with ransomware,” he said. He was referring to a Russian cyberespionage hacking campaign discovered in December that spread by infecting network management software to infiltrate U.S. federal agencies and scores of corporations.
Cybersecurity researcher Jake Williams, president of Rendition Infosec, said he was already working with six companies hit by the ransomware. It’s no accident that this happened before the Fourth of July weekend, when IT staffing is generally thin, he added.
The federal Cybersecurity and Infrastructure Security Agency said in a statement late Friday that it is closely monitoring the situation and working with the FBI to collect more information about its impact.
1 comment:
And why wouldn't we have MORE security during the 4th? Why don't they understand ANY vulnerabilities are weakness shown on our National Securities part? Any enemies, be within our own Gov. (duh, happening IMO!), other adversaries, or other, probably know, we become understaffed at certain times? A question would be, what info are those hacks targeting, that might explain their objectives? Public not told? Everything wrong can't always be Russia, look at who we intertwined with under Clinton's, Bush, Obama, Biden, look at CCP's influence with recent Virus buddies; We are looking over there, and not over here?
We have had way too many security failures since 9/11, spies within, including Demo's porous borders opened by them again IMO, that create weakness within security measures needed in place, in my opinion; We created more Agencies after 9/11, risk them surveillance us more than real dangers evidently, because those failures are so numerous anymore, it's like, we don't need them? We need to restructure a couple really awesome Agencies, and have those work so well, we don't be bothered by embarrassing security breaches, in my opinion! Maybe some of those hired for IT security are not from, nor have an alliance for our USA? It's plausible these days, we have let our guard down obvious to most; Keep enemies close, not so close they dupe you, right? The good men of previous times protecting this Nation, and with less technology, kept USA safer, in my opinion! Perception is reality of course. IF security worked right, our Nation would not even be at such a turning point, IMO, USA Citizens have endured multiplied of fall-outs from security breaches or lapses leading to current divided USA; Prayers for Unity, Security, USA Reigns, is the beckon for Hope!