Russian hackers target IT supply chain in ransomware attack
According to cybersecurity researchers, hackers launched a ransomware attack on Friday that hit at least 200 companies.
In one of the largest supply chain attacks to date, hackers compromised IT management software provider Kaseya in order to spread ransomware to managed service providers and their customers using its technology.
Cybersecurity firm Huntress Labs attributed the attack to REvil, the notorious Russia-linked ransomware cartel that the FBI claims was behind the recent serious attack on beef supplier JBS.
This attack is the latest example of hackers weaponizing the IT supply chain to attack victims on a large scale by compromising only one supplier. For example, last year, Russian state-backed hackers hijacked the IT software group SolarWinds to infiltrate the email networks of US federal agencies and companies.
Later on Friday, Kaseya estimated that approximately 40 of its 36,000 direct customers were affected by the attack. It urged those who use the infected “VSA server” tool, which provides remote monitoring and patching capabilities, to turn it off immediately.
The company added: “We believe we have identified the source of the vulnerability and are preparing a patch for our local customers to mitigate it, and these patches will be thoroughly tested.”
At the same time, Huntress said that three hosting service providers that it worked with were compromised, causing about 200 companies to become victims of ransomware attacks, in which data is encrypted by hackers and released only after a ransom is paid.
Huntress said it knows that at least eight cloud service providers have been compromised, which suggests that the number of ransomware victims may be much higher.
Allan Liska of Recorded Future's computer security incident response team said that the customers of managed service providers are often small and medium-sized companies seeking IT support. But he said these attacks highlight the risk of relying on a centralized third party.
“We have basically surrendered too much trust, so if something happens to them, it will be a catastrophic event for your organization, and it is not your own fault,” he said.
In an alert, the Cybersecurity and Infrastructure Security Agency stated that it is “taking actions to understand and resolve the recent supply chain ransomware attacks.”
The incident was the latest in a series of bold ransomware attacks this year, including an attack on the US's Colonial Pipeline, which prompted the Biden administration to commit to cracking down on the perpetrators.
At the Geneva summit last month, President Joe Biden urged Russian President Vladimir Putin to control ransomware hackers, many of whom are believed to be at large in the country.