A ransomware attack on Friday compromised at least 200 U.S. companies, according to a cybersecurity company.
John Hammond, of the cybersecurity firm Huntress Labs Inc., said that the REvil gang, a Russian-linked hacking group, appears to be behind the attack, Bloomberg reported.
The hackers targeted managed service providers, which usually support small- to medium-sized businesses, Huntress Labs told Bloomberg. Hammond told The Associated Press that the group targeted a software supplier called Kaseya. The hackers used the company’s network-management package to spread the ransomware through cloud-service providers, the AP reported.
“From what we know now, we have eight MSP partners that are affected,” Hammond told Bloomberg. “Those MSPs (managed service provider) customers add up to at least 200 businesses that are encrypted and ransomed as a result of their MSP being compromised.”
Hammond did not identify the managed service providers that were attacked, the news service said.
“Kaseya handles large enterprise all the way to small businesses globally, so ultimately, (this) has the potential to spread to any size or scale business,” Hammond said in a direct message on Twitter, according to the AP. “This is a colossal and devastating supply chain attack.”
Hammond said he expected the number of hacking victims to “significantly rise” as more compromised managed service providers are discovered, according to Bloomberg.
“This is one of the most broadly impactful, non-nation state executed, attacks we have ever seen, and it appears purely designed to extract money,” Andrew Howard, chief executive officer of Switzerland-based Kudelski Security, told Bloomberg. “It is difficult to (imagine) a better way for an attacker to distribute malware than through trusted IT providers.”
Brett Callow, a ransomware expert at the cybersecurity firm Emsisoft, said he was unaware of any ransomware attacks on this level. He called other attacks fairly minor, the AP reported.
“This is SolarWinds with ransomware,” Callow said, referring to a Russian cyber-espionage hacking campaign discovered in December.
Cybersecurity researcher Jake Williams, president of Rendition Infosec, said it was no accident that the hack occurred on the Fourth of July weekend, when information technology staffing is generally thin.
“There’s zero doubt in my mind that the timing here was intentional,” Williams told the AP.