JAKARTA - Cybersecurity firm Huntress Labs, said a successful ransomware attack on one company has now spread to at least 200 other companies' software files worldwide. This incident made it one of the largest criminal ransomware attacks in the history of the digital world.
The attack, first came to light Friday afternoon July 2nd. The attack, believed to be affiliated with the prolific REvil ransomware gang. The attack began with Kaseya, an international company that remotely controls programs for other companies and manages internet services for businesses.
Kaseya announced Friday afternoon that it had been attacked by hackers and warned all of its customers to stop using its service immediately.
John Hammond, senior security researcher at Huntress, who responded to Kaseya's statement, said at least four of Kaseya's customers were hacked.
Kaseya alone manages a huge number of businesses so it's unclear how many will fall victim to the ransomware over the weekend. However, according to Hammond, there are already around 200 organizations or companies that have been affected and this is expected to increase.
The attack, which was carried out ahead of the July 4 US Independence Day holiday, is considered no accident. Ransomware hackers often time their attacks to start at the start of a holiday or weekend. This is done to minimize the number of professional cybersecurity officers who might be able to quickly jump in and stop the spread of their malicious software.
Alex Dittemore, founder of SoCal Computers, a small company that manages online services for a number of businesses in California, said his company and all of its clients began being "locked in" Friday by a ransomware attack.
He keeps a backup of all his data. However, they didn't start recovering their computers until Kaseya provided more guidance on when they first became infected with ransomware.
"One of the things, which is a little frustrating at the moment, is that there isn't much news coming out of Kaseya. We're all in a holding pattern, just holding on," he said.
"I had 300, 400 people on Tuesday expecting to get back to work," Dittemore said. "It would be nice if we could get some kind of decryption key or a golden bullet."
According to the findings of several researchers, the malicious software used to encrypt victims' computers appears to be similar to the type normally used by REvil. They are known as, the ransomware gang which consists mostly of Russian speakers.
In the past, REvil has tried to attack "supply chain" businesses, where a hacker pursues targets connected to multiple organizations. Their hope was that one compromise would work and would lead to more.
The US Cybersecurity and Infrastructure Security Agency announced late Friday that it would "take action to understand and address" the attack.
Eric Goldstein, CISA's assistant executive director for cybersecurity, said his agency and the FBI had begun to assess the scenario.
"CISA is closely monitoring this situation and we are working closely with the FBI to gather information on its impact," Goldstein said in an emailed statement.
"We encourage all parties who may be affected to use the recommended mitigations and for users to follow Kaseya's guidelines," he said.
The English, Chinese, Japanese, Arabic, and French versions are automatically generated by the AI. So there may still be inaccuracies in translating, please always see Indonesian as our main language. (system supported by DigitalSiber.id)
