Kaseya is latest victim of supply-side ransomware attack: hundreds of companies affected
Hackers are demanding as much as $70 million
At least 200 businesses have been affected by a ransomware attack, after cyber criminals hijacked widely used software from Florida-based IT firm Kaseya.
Kaseya remotely controls programmes for several managed-service providers, which, in turn, provide IT services to hundreds or thousands of small- and medium-sized businesses.
The attackers compromised Kaseya's remote monitoring and management tool, VSA, enabling them to encrypt the IT systems of hundreds of businesses.
The company urged customers who use VSA to immediately shut down their servers.
'Due to our teams' fast response, we believe that this has been localised to a very small number of on-premises customers only,' Kaseya stated - although this doesn't mean that the attack wasn't devastating to victims.
Coop, one of Sweden's largest grocery chains, was forced to temporarily close almost all of its nearly 800 stores after the attack. A pharmacy chain, petrol station chain, the state railway and public broadcaster SVT were also affected in Sweden, as well as IT firms in Germany and the Netherlands.
Kaseya's statement continues: 'Our security, support, R&D, communications, and customer teams continue to work around the clock in all geographies to resolve the issue and restore our customers to service.'
Kaseya claims it has more than 10,000 customers around the world. The hackers, the same group who attacked meat-packing company JBS last month, are demanding $50,000 from smaller victims and $5 million from bigger firms, says The Washington Post.
According to Reuters, the demands total about $70 million.
The US Cybersecurity and Infrastructure Security Agency (CISA) stated on Friday evening that it was taking action to understand and address the attack against Kaseya VSA and the multiple MSPs using the software.
'CISA encourages organisations to review the Kaseya advisory and immediately follow their guidance to shutdown VSA servers,' the statement added.
John Hammond, a senior security researcher at cybersecurity firm Huntress Labs, described the assault as a "colossal and devastating supply chain attack".
"It's reasonable to think this could potentially be impacting thousands of small businesses," he said.
Russian-speaking ransomware gang REvil - also known as Sodinokibi - has claimed responsibility for the attack.
This is only the latest in a recent spate of high-profile ransomware attacks, including those on JBS - which acknowledged last month that it paid REvil $11 million for decryption keys - and Colonial Pipeline, where the attack crippled fuel delivery in the southeastern USA for several days.
Commenting on the Kaseya attack, US President Joe Biden said he has ordered a "deep dive" by US intelligence agencies into what happened in the attacks.
He added that he was "not sure" if Russian-speaking groups were behind the latest cyber attack.
"The initial thinking was, it was not Russian government, but we're not sure yet."