Miami Based IT Vendor "Kaseya" Attacked By Ransomware

The malware was critical as it attacked a wide range of IT companies and compromised hundreds of corporate clients.

Just when US Cyber Security officials were tracking the JBS Food attack that happened about last month, another major United States Software Company is targeted by a malicious ransomware gang.

Cyber Security Firm Emsisoft’s analysis shows that it was created by REvil, the same ransomware gang that attacked JBS Food about a month ago.

Reports suggest that it most likely came from Eastern Europe or Russia, exactly the same location where JBS Meat was being attacked and more than that, right after a month. JBS Meat Cyber incident happened exactly about a month ago, i.e June 1^st, 2021.

Kaseya is a key software company owned by CEO Fred Voccola. It is an automation software provider that offers remote management software for information technology. These products are used mainly by top IT management companies.

'Colossal and devastating' cyber attack on US businesses to be investigated for ties to Russia https://t.co/15bTeS5aAo
— ABC News (@abcnews) July 4, 2021

“The fact is that I directed the intelligence community to give me a deep dive on what’s happened and I’ll know better tomorrow. And if it is either with the knowledge of and/or the consequence of Russia, then I told Putin we will respond,”
“We’re not certain. The initial thinking it was not the Russian government but we’re not sure yet,”
US President Joe Biden on this incident

Kaseya reported on a blog post.

“We are investigating a potential attack against the VSA that indicates to have been limited to a small number of our on-premises customers only,” Kaseya said. “We have proactively shut down our SaaS servers out of an abundance of caution.”

Cybersecurity has major concerns regarding these cyber attacks. For the past few months, US top companies have suffered ransomware attacks demanding huge amounts. The latest, rapidly unfolding attack prompted alarm among cybersecurity experts.

“If you use Kaseya VSA, shut it down *now* until told to reactivate and initiate (incident response),”
Christopher Krebs, Former Director Of The Department Of Homeland Security’s Cybersecurity and Infrastructure Security Agency

Source: CNN News

News Flash: cybercriminals are a$$holes.

Keep all the Incident Response teams in mind this holiday weekend as they're in the thick of it…again.

If you use Kaseya VSA, shut it down *now* until told to reactivate and initiate IR. Here's the binary: https://t.co/NIuGJZW84p https://t.co/GSXPlOPjFt
— Chris Krebs (@C_C_Krebs) July 2, 2021

Meanwhile, three of the compromised IT service providers are among Huntress Labs’ own cybersecurity clients,

“We have direct knowledge of it now and we have confirmed it is indeed REvil,”
Hanslovan, Malware Connoisseur – Ethical Hacker.

He further stated, as many as 200 of the three affected IT service providers’ customers have been compromised by the malware. Whereas, in its own advisory, CISA said it is working to understand and address the issue.

Multiple US companies are being targeted by ransomware gangs. Ransomeware attacks, phishing, etc are getting common these days, for the past few months we have seen Facebook Data leaks that even included Mark Zuckerberg’s data. Binance getting hacked and many lost a lot of money. Colonial pipeline being attacked by hackers not only that! a few days ago, Mcdonald’s also had a data breach. The majority of big names are being targeted.