After cyberattack smuggled malware onto its network infrastructure, a US IT business ordered clients to shut down their servers on Friday.
Kaseya stated Friday evening that the attack had been limited to a “very small number of our clients” that use its distinctive VSA software, which is “currently estimated to be fewer than 40 worldwide.”
Huntress Labs, a cybersecurity firm, had previously stated in a Reddit forum that it was working with partners targeted in the attack and that 200 firms had been “encrypted.”
Ransomware attacks often entail encrypting data in systems and demanding payment to recover access.
Kaseya describes itself as a leading provider of small and medium-sized business IT and security management services.
VSA, the company’s flagship product, is designed to allow businesses to manage computer and printer networks from a single location.
At lunchtime on the US east coast, the corporation became aware of a suspected VSA situation and “immediately shut down” its servers as a “precautionary measure,” it claimed.
Kaseya further stated that it “quickly contacted our on-premises clients through email, in-product notes, and phone to shut down their VSA servers to protect them from being compromised.”
“We think we have discovered the source of the vulnerability and are working on a fix to address it,” the business stated in a statement.
The attackers were members of the hacking group REvil, according to the New Zealand government’s Computer Emergency Response Team.
According to the FBI, REvil was also behind last month’s attack on JBS, one of the world’s largest meat processors, which resulted in the Brazil-based company paying the hackers $11 million in bitcoin.
The US Cybersecurity and Infrastructure Security Agency (CISA) announced that it was “taking steps to understand and solve the recent supply-chain ransomware attack” against Kaseya VSA and the service providers that use its software.
CISA urged enterprises to follow Kaseya’s advice and shut down VSA servers as soon as possible to avoid having their systems attacked.
Kaseya’s US headquarters are in Florida, and its worldwide headquarters are in Ireland.
The United Nations Security Council convened its first formal public discussion on cybersecurity this week, addressing the growing threat of cyberattacks on countries’ critical infrastructure, a topic that US President Joe Biden recently highlighted with Russian counterpart Vladimir Putin.
Several Security Council members emphasized the tremendous dangers posed by cybercrime, particularly ransomware assaults on critical infrastructure and businesses.
Ransomware assaults have lately targeted several US organizations, including the computer group SolarWinds and the Colonial oil pipeline.
The FBI has blamed the attacks on Russian-based hackers.