According to the computer security company Huntress Labs, many of the virtual attacks were attributed to hacker groups based in Russia that would operate with at least the tacit approval of the Kremlin.
At least 200 companies were targeted by an extortionate cyberattack through US-based Kaseya's management software, information security company Huntress Labs said on Friday.
We are investigating a possible attack on VSA (software) that appears to be limited to a small number of our users on the site, Kaseya noted on its website, adding that it shut down some servers "out of caution."
The group reported being "investigating the source of the problem." He also asked all of his customers, who are running his software, shutting down the servers that host it.
The US Cybersecurity and Infrastructure Agency (CISA) said on its website that it was taking steps to "understand and deal with the recent ransomware attack." against Kaseya's VSA program and multiple service providers.
Ransomware exploits the security holes of a company or individual. They lock your computer systems, then demand a ransom to unlock them.
According to Huntress Labs, "around 200 companies" were targeted by hackers. The group did not specify the size or sector of activity of the affected targets.
"According to the computer models, the ransomware notes and the TOR URL (the Internet address used), we firmly believe" that a member of the group of hackers known as Revel or Sodinokibi "is at the origin of these intrusions," Huntress Labs said in a message posted on the Reddit forum.
In early June, the FBI blamed this group of hackers for the computer attack on the global meat giant JBS, which paralyzed its activities in North America and Australia for several days.
The United States has been hit in recent months by a wave of cyberattacks on large companies such as JBS and pipeline operator Colonial Pipeline, as well as local communities and hospitals.
THE NEW METHODS
US and British agencies this week revealed details of the "brute force" methods that they reported had been used by Russian intelligence to try to break into the cloud services of hundreds of government agencies, energy companies, and others. Organizations.
A warning issued by the US National Security Agency describes attacks carried out by agents linked to the GRU, the Russian military intelligence agency, which has previously been linked to large cyberattacks abroad and efforts to disrupt the 2016 US elections. And 2020.
In a statement, NSA cybersecurity director Rob Joyce said the campaign was "probably ongoing, on a global scale."
Brute force attacks consist of automated access to sites with possible passwords until hackers gain access. The advisory urges companies to adopt methods that require security experts to consider common sense, such as two-factor authentication and a strong password.