Kaseya, a software company that provides services to more than 40,000 organizations around the world, said on Friday it was investigating the possibility that it was the victim of a cyber attack.
The company urged customers who use its systems management platform, called VSA, to shut down their servers immediately to avoid the possibility of being compromised by attackers.
“We are experiencing a potential VSA attack that has been limited to a small number of on-site customers only,” the company said. published on its website, referring to organizations that keep their software on their own sites rather than hosting it with a cloud provider. “We are investigating the root cause of the incident with the utmost vigilance.”
Kaseya did not respond to a request for comment.
John Hammond, a researcher at cybersecurity firm Huntress Labs, said at least eight companies that provide security or technology tools to hundreds of other small businesses may have been “compromised” by the Kaseya attack. He added that REvil, a group of Russian cybercriminals who the FBI said was behind the hack of the world’s largest meat processor, JBS, in May, was the most to blame.
Some of the companies involved have been asked for a ransom of $ 5 million, Mr Hammond said. At least 200 businesses were at risk, Huntress said.
“Kaseya manages large businesses to small businesses all over the world, so ultimately it has the potential to expand to any size or scale of business,” Mr. Hammond said. “This is a colossal and devastating attack on the supply chain.”
The United States Cybersecurity and Infrastructure Security Agency also described the incident in a declaration on its website as a “supply chain ransomware attack”. He urged Kaseya’s customers to shut down their servers and said he was investigating.
Hackers have carried out a series of prominent cyberattacks against U.S. companies in recent months, including JBS and Colonial pipeline, which carries fuel along the east coast. Both were ransomware attacks, in which hackers attempt to shut down systems until a ransom is paid. The video game company Electronic Arts was also recently hacked, but his data was not withheld for ransom.