Date: 2021-07-04

Hackers carried out an extortion cyberattack against the American company Kaseya just before the long weekend in the USA, potentially affecting more than 1,000 companies through its IT management program.

The first direct consequence of the attack was that a large Swedish supermarket chain had to close more than 800 stores after its cash registers were paralyzed.

Cyberattack paralyzes at least 200 companies in the US

At the moment it is difficult to estimate the actual scope of the attack, which used “ransomware”, a type of program that cripples a company's computer systems and then demands a ransom in exchange for unlocking them.

Kaseya, which noticed a possible incident in its VSA software around noon on Friday, said that it had been able to limit it “to less than 40 clients in the whole world”.

But the latter provide services to other companies, allowing hackers to multiply their attack.

According to computer security company Huntress Labs, “more than 1,000 companies” have been affected by this ransomware.

“Based on the number of IT (information technology) service providers asking us for help and the comments we see in this thread, it’s reasonable to think that it could impact thousands of small businesses,” Huntress Labs says in a post on the Reddit forum.

“We do not have data at this time on the number of companies affected,” said Brett Callow, cybersecurity expert at Emsisoft. But the scale of the attack is probably “unprecedented.”

Based in Miami, Kaseya, which claims to have more than 40 thousand clients, offers IT tools to companies, including VSA software to manage the network of servers, computers and printers from a single source.

Authorities observe

Ransomware attacks have become frequent, and the United States has been particularly hard hit in recent months by operations against large companies such as meat giant JBS and pipeline operator Colonial Pipeline, as well as local communities and hospitals.

Many experts think that the hackers behind these attacks are usually based in Russia. Moscow, suspected of covering for them or even being associated with their activities, denies any involvement.

But the phenomenon is growing so much that it was one of the main points raised by US President Joe Biden during his meeting in mid-June with his Russian counterpart Vladimir Putin.

“The first thought was that it was not about the Russian government, but we are not sure,” said Biden, who this Saturday ordered an investigation.

“This latest ransomware attack that affects hundreds of companies is a reminder to the United States government, which must fight against these groups of foreign cybercriminals,” said Christopher Roberti, director of cybersecurity at the United States Chamber of Commerce.

The US Cybersecurity and Infrastructure Security Agency (CISA) “is closely monitoring the situation,” said Eric Goldstein, one of its executives.

“We are working with Kaseya and coordinating with the FBI (federal police) to find the victims” of the ransomware, he added in a message sent to ..

Queue to pay

The nature of the attack is similar to that suffered by the software publisher SolarWinds, which affected government organizations and businesses in the United States in late 2020.

Except that the latter, attributed by Washington to the Russian secret services, was rather “with a logic of espionage, while we are here in a logic of extortion,” said Gerome Billois, an expert in cybersecurity at the Wavestone consultancy.

Huntress Labs said that, based on the methods used, the type of ransomware and the internet address provided, the hackers are part of the group known as REvil or Sodinokibi.

The FBI attributed the attack on JBS in late May to that group.


The cyberattack against Kaseya is “one of the most important and extensive I’ve seen in my career,” said Alfred Saikali of the law firm Shook, Hardy & Bacon, who is used to dealing with these kinds of situations.

In general, it is recommended not to pay the ransom, he emphasized. But sometimes, especially when data can’t be backed up, “there is no other option,” he admitted.

If multiple companies choose to pay, it’s not certain that the hacker group “has the ability to handle simultaneous conversations,” Brett Callow said.

“If they have to queue to negotiate, the lost time can be very expensive,” he said.

