Date: 2021-07-04
A supply-chain ransomware attack that hit hours before the beginning of a holiday weekend has already affected more than 200 businesses, researchers warn.
On Friday, information technology company Kaseya sent out a warning of a "potential attack" on its VSA tool, which is used by IT to manage and monitor computers remotely. Kaseya urged customers to shut down their servers running the service.
"It's critical that you do this immediately, because one of the first things the attacker does is shut off administrative access to the VSA," the company said.
Huntress Labs, a cybersecurity software company with clients that were affected by the attack, said it believes the hacking group REvil is behind the ransomware attack. That's the same group that the FBI said was responsible for the attack on JBS Meats, which resulted in the company paying REvil $11 million in ransom.
Huntress Labs said they had found eight Managed Service Providers - companies that provide IT services to other companies on a contractual basis - that had been hit by the attack. Around 200 businesses that are served by these MSPs have been locked out of parts of their network, Huntress Labs said.
"It is absolutely the biggest non-nation state supply chain cyberattack that we've ever seen," Allan Liska, a researcher with cybersecurity firm Recorded Future, said Friday. "And it's probably the biggest ransomware attack we've seen, at least the biggest since WannaCry."
The U.S. Cybersecurity and Infrastructure Security Agency urged companies in a statement to follow Kaseya's advice and said it is "taking action to understand and address the recent supply-chain ransomware attack."
Ransomware attacks have been on the rise since late 2019, as hackers band together and form cybercriminal gangs to extort companies for payment.