Ransomware cyberattack hits hundreds of US businesses
Washington, July 03: US technology company Kaseya urged customers to shut down their servers on Friday after cyberattackers smuggled ransomware onto its network platform.
The REvil gang, a major Russian-speaking ransomware syndicate, appears to be behind the attack, said John Hammond of the security firm Huntress Labs. He added that the criminals used Kaseya's network-management package as a conduit to spread the ransomware through cloud-service providers.
Huntress Labs said in a Reddit forum that it was working with partners targeted in the attack, and that some 200 businesses "have been encrypted."
Kaseya said Friday evening that it had limited the attack to a "very small percentage of our customers" who use its software, "currently estimated at fewer than 40 worldwide."
Ransomware attacks typically involve locking data in systems using encryption and making companies pay to regain access. Such attacks infiltrate widely used software and spread malware as it updates automatically.
Unclear how many customers affected
"We are in the process of investigating the root cause of the incident with an abundance of caution but we recommend that you immediately shutdown your VSA server until you receive further notice from us," Kaseya said in a message shared in a Reddit forum. "It's critical that you do this immediately, because one of the first things the attacker does is shut off administrative access to the VSA."
It was not immediately clear how many Kaseya customers might be affected. A virtual systems administrator, or VSA, is the company's main offering, which allows companies to manage networks of computers and printers from a single point. The company's US headquarters are in Florida and its international headquarters are in Ireland.
The US Cybersecurity and Infrastructure Security Agency (CISA) said that it was "taking action to understand and address the recent supply-chain ransomware attack" against Kaseya VSA and the service providers using the software.
The agency urged businesses to follow Kaseya's guidance and quickly shut down VSA servers to avoid having systems compromised. Active since April 2019, REvil provides ransomware-as-a-service, meaning it develops network-paralyzing software and leases it to affiliates who infect targets and earn most of the ransoms.
The group is among ransomware gangs that steal data from targets before activating the ransomware.
The UN Security Council this week held its first formal public meeting on cybersecurity, addressing the growing threat of hacks to countries' key infrastructure. Multiple US companies, including the computer group SolarWinds, the Colonial oil pipeline and meat producer JBS have recently been targeted by ransomware attacks. The FBI has blamed those attacks on hackers based in Russian territory.
lc/rc (AP, AFP)
Source: DW
-
Gold Silver Rate Today, 10 March 2026: City-Wise Prices Edge Lower While MCX Gold And Silver Stay Range-Bound -
Hyderabad To Get Faster Road Link To Indore As New Highway Nears Completion, Opening Likely This Month -
Hyderabad Gold Silver Rate Today, 10 March 2026: Gold, Silver Slip In Local Market; MCX Also Trades Lower -
Oil Slumps 6% As Trump Claims Iran War Will Be Over 'Ahead of Schedule' -
Pune Gold Rate Today For 18K, 22K, 24K For Rates March 2026 -
Bangalore Gold Silver Rate Today, March 10, 2026: Gold and Silver Prices Go Up -
IPL 2026 Schedule Announcement On March 12: BCCI to Release First 20 Days of Indian Premier League Fixtures -
IPL 2026 Playing XI Prediction: CSK, MI, RCB, KKR, PBKS, GT, LSG, DC, RR, SRH Impact Sub & Full Team List -
Chennai Hotels Warn of Shutdown In 2 Days As LPG Supply Crunch Hits TN -
Trisha Shouldn't Have Attended The Event With Vijay: Parthiban -
Pakistan Facing Oil Crisis? PM Orders Shutdown Of Schools And Universities, Introduces 4-Day Workweek -
Flight Ticket Prices To Turn Costly Due To Iran Crisis? SpiceJet Chief Hints At Airfare Hike
Click it and Unblock the Notifications
Sign in with Google