Ransomware attack impacted hundreds of US companies


A massive ransomware attack on Friday left more than 200 U.S. companies paralyzed, according to one cybersecurity researcher affiliated with a company involved in the response to the incident.

According to ABC News, John Hammond, a cybersecurity researcher for the security firm Huntress Labs, believes the latest attack was carried out by a Russian ransomware syndicate known as the REvil Gang. The syndicate is the same one the Federal Bureau of Investigation (FBI) linked to the attack on the JBS SA meat processing plant back in May.

Hammond said, "the criminals targeted a software supplier called Kaseya, using its network-management package as a conduit to spread the ransomware through cloud-service providers."

At the time, he tweeted, "Based on everything we are seeing right now, we strongly believe this (is) REvil/Sodinikibi."

A number of other researchers have also agreed with Hammond's evaluation of the matter. In a direct message sent to the publication, Hammond briefly explained the supply chain attack.

"Kaseya handles large enterprise all the way to small businesses globally, so ultimately, (this) has the potential to spread to any size or scale business," Hammond said via Twitter. "This is a colossal and devastating supply chain attack."

Other cybersecurity researchers have also spoken out about the ransomware attack. Brett Callow, a ransomware expert at the cybersecurity firm Emsisoft, admitted that he has not seen many attacks of this caliber. While there have been other attacks, he noted that those paled in comparison to this one.

"This is SolarWinds with ransomware," Callow said.

Jake Williams, cyber researcher and president of Rendition Infosec, revealed he was already responding to the incident on behalf of six other companies. He also believes the attack was deliberately planned for the holiday weekend, as most companies have relatively few IT staff on duty during these times.

"There's zero doubt in my mind that the timing here was intentional," Williams said.

At this point, Kaseya is still unaware of the extent of the ransomware impact on its customers. However, the federal Cybersecurity and Infrastructure Security Agency (CISA) released a statement on Friday night advising anyone who might be impacted to "follow Kaseya's guidance to shut down VSA servers immediately."

