A Miami-based IT software management company announced Friday that a ransomware attack may have targeted one of its tools used by its clients, potentially affecting some 200 businesses.
According to a notice posted by Kaseya, the IT company said it was “experiencing a potential attack against the VSA that has been limited to a small number of on-premise customers” as early as 2 p.m. ET.
“We are in the process of investigating the root cause of the incident with an abundance of caution but we recommend that you IMMEDIATELY shutdown your VSA server until you receive further notice from us,” the company added, referring to the tool used by some companies to manage servers, desktops and network devices.
“Its critical that you do this immediately, because one of the first things the attacker does is shutoff administrative access to the VSA,” Kaseya said.
The Cybersecurity and Infrastructure Security Agency (CISA), a division of the the Department of Homeland Security (DHS), said on Twitter that it was “taking action to understand and address the supply-chain #ransomware attack against Kaseya VSA and the multiple #MSPs that employ VSA software.”
.@CISAgov is taking action to understand and address the supply-chain #ransomware attack against Kaseya VSA and the multiple #MSPs that employ VSA software. Review the Kaseya advisory and immediately follow their guidance to shutdown VSA servers: https://t.co/48QLkEm1eY
— US-CERT (@USCERT_gov) July 2, 2021
When reached for comment, Eric Goldstein, CISA’s executive assistant director for cybersecurity, said in a statement shared with The Hill, “CISA is closely monitoring this situation and we are working with the FBI to gather information about its impact.”
“We encourage all who might be affected to employ the recommended mitigations and for users to follow Kaseya’s guidance to shut down VSA servers immediately,” he added. “As always, we stand ready to assist any impacted entities.”
Independent security firm Huntress Labs told Reuters it was looking at service providers that had been used to hijack roughly 200 clients of Kaseya, ranging from small businesses to large companies.
Huntress senior security researcher John Hammond said in a statement, “This is a colossal and devastating supply chain attack,” according to Reuters.
Hammond added that the reported ransomware attack has “the potential to spread to any size or scale business.”
While it was not immediately clear who was behind the attack, Huntress told Reuters that it believed that the Russia-linked group blamed for an earlier ransomware attack on JBS USA, the nation’s largest provider of beef, could have also been responsible for the Friday incident.
The hacking comes as security experts and lawmakers have expressed growing concerns on the integrity of U.S. cybersecurity systems following a series of high-profile ransomware attacks, including on JBS and Colonial Pipeline.
The hack of the pipeline, which provides 45 percent of the East Coast’s fuel supply, resulted in a temporary shutdown of operations, fueling a massive panic and gas shortage across the country.