This is a new “giant cyberattack” that could affect many businesses around the world. About 40 Kaseya customers did not immediately disconnect the infected software.
This Saturday, July 3, the Kaseya company announced that it was the victim of a cyberattack. Immediately afterward, the company asked its 40,000 customers to disconnect its VSA software at once. Forty customers were nevertheless infected. A thousand companies are now at risk of infection and could be victims of extortion attempts.
Another giant cyberattack on Kaseya
After WannaCry and the SolarWinds cyberattack, here is a giant new threat that hangs over more than 1,000 businesses around the world. As always, a single small flaw in an infrastructure can allow hackers to spread their malware endlessly.
This time it was Kaseya, a publisher of computer network management software for businesses, that was affected. According to the American company, it is undoubtedly a “very sophisticated cyberattack”. The attack was launched with “perfect” timing, over the weekend of July 4, the national holiday in the United States. A recent study showed that the majority of ransomware attacks take place either on weekends or at night, when teams are not available.
This new cyberattack on Kaseya seems fairly classic in its modus operandi: the hackers targeted an intermediary company in order to reach a large number of organizations through it. Instead of an update to Kaseya’s VSA software, some companies received ransomware capable of crippling their computer systems by encrypting their data.
The classic ransomware modus operandi
Prior to the attack, vulnerabilities had been reported by a team of cybersecurity researchers. The cybercriminals were then able to carry out the classic ransomware scheme: once the data is locked, they demand a ransom to restore access to it before it is published on the web. About 40 companies were probably affected.
According to Huntress Labs: “Based on the number of IT service providers asking us for help and the feedback we see on this thread, it’s reasonable to think that it could potentially impact thousands of small businesses”.
The FBI is currently working with the Kaseya Company to try to limit the impact of the attack. The large Swedish supermarket franchise Coop had to close nearly 800 stores this weekend because of the cyberattack. The checkouts were completely blocked.
If Russia is behind the attack, Biden promises a response
According to Allan Liska, ransomware specialist for Recorded Future: “This is probably the biggest ransomware attack we’ve seen, certainly the biggest since WannaCry.” WannaCry is ransomware that infected hundreds of thousands of computers in over 150 countries within hours. The attack could have been carried out thanks to software stolen from the NSA. North Korea has been accused by the United States and the United Kingdom.
The cybercrime threat is growing for businesses. In France, the Parliament is even pushing to create a prosecutor's office dedicated to cybercrime, like the national anti-terrorism prosecutor's office. The European Commission recently said that a special unit to protect against cyberattacks would soon be created. Indeed, while Europe recorded only 432 cyberattacks in 2019, that figure almost doubled to 756 in 2020.
Russia, China and North Korea are among the countries from which many attacks are launched. State-backed hacker groups are usually singled out. In the case of this new attack on Kaseya, it is the Russian group REvil that may have acted in the shadows. The methods used by hackers are similar to those employed by this group of Russian-speaking hackers.
For his part, Joe Biden declared: “The first indications do not directly show that the Russian government could be at the origin of this attack. On the other hand, if Russia knew about it or if it is because of the government, then I say to Vladimir Putin that we will answer”.