Hackers attacked the American company Kasaya over the long weekend, demanding ransom money from more than 1,000 companies through its IT management software.
• read more: Massive recovery cyber attack targets businesses through Kasaya company
The first direct effect: a large supermarket chain in Sweden had to close more than 800 stores on Saturday, whose tests were paralyzed by the attack.
It is difficult at this time to estimate the extent of this ransomware attack, or “ransomware», A type of computer program that disables a company’s computer systems and demands a refund to open them.
Realizing a potential incident on its VSA software on Friday afternoon, on the east coast of the United States, Casey promised that the circular had been issued to “less than 40 customers worldwide.”
But it is these customers who provide services to other companies, allowing hackers to support their attacks.
According to computer security firm Honduras Labs, “more than 1000 companies” have been affected by this ransomware.
“Based on the number of IT service providers asking us for help and the feedback we see in this thread, it is reasonable to think that this could affect thousands of small businesses,” Huntrus Labs said in a post on the Rentid Forum.
“We do not currently have data on the number of companies involved,” said Brett Gallo, Msysof’s cyber security expert. But the scale of the attack is probably “unprecedented”.
Based in Miami, Casey sells IT tools to businesses, including VSA software, designed to manage networks of servers, computers, and printers from a single source. It has more than 40,000 customers.
Officers are watching
Ransomware attacks have been frequent, and in recent months the United States has been particularly vulnerable to attacks by large companies such as meat company JPS and the oil pipeline operator Colonial Pipeline, as well as local communities and corporate hospitals.
Many experts believe that the hackers behind these attacks are mostly Russia-centric. Moscow, which is suspected of involvement or involvement in their activities, denies any involvement.
But the event was one of the key issues raised by US President Joe Biden during a meeting with his Russian rival Vladimir Putin in mid-June.
Joe Biden, who ordered the hearing on Saturday, said: “The first thought is that this is not about the Russian government, but we are not sure yet.
“This latest ransomware attack, which has affected hundreds of companies, is a reminder to the US government that it must fight these foreign cybercriminal groups,” said Christopher Roberti, head of cyber security at the American Chamber of Commerce.
Eric Goldstein, one of its executives, says the US Agency for Cyber Security and Infrastructure Security (CISA) is “closely monitoring the situation.”
“We are working with Casey and we are working with the FBI to carry out awareness campaigns with the victims,” he told the AFP.
Stand in line to pay
The nature of the attack is similar to that used with computer management software publisher Solar Winds, which affected U.S. government agencies and businesses in 2020.
The latter, as stated by Washington for the Russian Secret Service, underscores Jerome Billois, the cybersecurity expert at the consulting firm Wavestone, in addition to “the logic of intelligence is that we are here to extort money.”
According to Honduras Labs, according to the methods used, the ransomware specifications and the web address provided by the hackers, this is a link to a group of hackers called REvil or Sodinokibi who are behind these hacks.
The group blamed the FBI for a cyber attack on JPS in late May.
The attack, which began on Friday, was “one of the most important and comprehensive I’ve ever seen in my life,” said Alfred Cycali of Shoke, a law firm in Hardy & Bacon, which is used to dealing with situations like this.
It is generally recommended not to pay the ransom, he insists. But he admits that sometimes “there is no other way”, especially when data cannot be backed up.
Mr Gallo says a group of hackers are “capable of managing conversations at once” if multiple companies choose to pay.
“If they had to stand in line for negotiations, the time lost would be very costly.”