Kaseya
WORLDWIDE RANSOMWARE ATTACK
$70m demanded after major IT supplier hit
A RUSSIAN-BASED group of hackers known as REvil has broken into Kaseya, a Miamibased company that provides IT services, including VSA, a remote monitoring tool for networks. Modifications were made to VSA, which was unwittingly used by the victims, enabling the hackers to start encrypting files. As soon as the breach was noticed, Kaseya recommended that its customers shut down VSA, and it took all its data centers offline. A fix was in place three days later, but damage had been done. Part of VSA’s job is the automated distribution of software across networks, which makes it an ideal target for these attacks. It’s unclear how many companies have been compromised; Kaseya claims it’s 50. However, these companies have their own customers, and it’s estimated that 1,000 to 2,000 business have been compromised. Among them was a Swedish grocery chain that had to close 800 stores as its tills stopped working. Fortunately, damage in the US appears to be light, but that is down to luck. This looks like the biggest ransomware attack yet.