After what appears to be a ransomware attack against the remote IT management platform Kaseya, which provides services to more than 40,000 organizations around the world, the US Cybersecurity and Infrastructure Security Agency (CISA) said Friday evening that it was taking action to understand and address the recent supply-chain ransomware attack against Kaseya and providers that employ its software.
Neither Kaseya nor CISA has indicated how the hackers may have gained access.
Kaseya said on Friday that it was investigating the possibility that it had been the victim of a cyberattack, urging customers that use its systems management platform, called VSA, to immediately shut down their servers to avoid the possibility of being compromised by attackers.
The company said that it is experiencing a potential attack against VSA that is limited to a small number of on-premise customers and that it is investigating the root cause of the incident.
Kaseya, which has taken its cloud service offline, initially said 200 companies were affected but later changed that information, with The New York Times reporting that some were asked for $5 million in ransom.
According to John Hammond of the cybersecurity firm Huntress Labs, the attack affected thousands of computers. US researchers say the Kaseya hack seemed to be the work of REvil, a group many US researchers have described as Russian-speaking.
REvil is a criminal syndicate the FBI blamed for the May ransomware attack on JBS, the Brazil-based meat-packing conglomerate, which forced the company to pay an $11 million ransom to restore operations and prevent future disruptions.