The Epoch Times A ransomware attack on a Florida-based software management firm impacted some 200 companies and is being investigated by federal authorities.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) said on Twitter that it âis taking action to understand and address the supply-chain ransomware attack against Kaseya,â and several managed service providers that use the companyâs software.
Kaseya alerted its customers at 2 p.m. EDT on Friday about a âpotential attackâ against its VSA software.
âWe are experiencing a potential attack against the VSA that has been limited to a small number of on-premise customers,â the brief alert said.
âWe are in the process of investigating the root cause of the incident with an abundance of caution but we recommend that you IMMEDIATELY shut down your VSA server until you receive further notice from us,â the notice continued. âItâs critical that you do this immediately because one of the first things the attacker does is shut off administrative access to the VSA.â
Security firm Huntress said on Reddit it has so far identified eight managed service providers affected by the hack. The firm said it was too early to say if Kaseya had been hacked.
âOur team has been in contact with the Kaseya security team for the past hour. They are actively taking response actions and feedback from our team as we both learn about the unfolding situation,â the post by Huntress said.
Huntress separately told Reuters that 200 companies are affected.
âThis is a colossal and devastating supply chain attack,â Huntress senior security researcher John Hammond said in an email to Reuters.
Hammond added that because Kaseya is plugged in to everything from large enterprises to small companies âit has the potential to spread to any size or scale business.â Many managed service providers use VSA, although their customers may not realize it, experts said.
Some employees at service providers said on discussion boards that their clients had been hit before they could get a warning to them.
The Epoch Times reached out to Kaseya for comment.
A private security executive working on the response effort said that ransom demands accompanying the encryption ranged from a few thousand dollars to $5 million or more.
The corruption of an update process shows a marked escalation in sophistication from most ransomware attacks, which take advantage of security loopholes such as common passwords without two-factor authentication.
Kaseya has 40,000 customers for its products, though not all use the affected tool.
Reuters contributed to this report.
