About 200 companies are the target of a cyberattack with a ransom note via management software from the American company Kaseya, the computer security company Huntress Labs said on Friday.
Read also: The risk of cyber attacks increases for the financial system
“
We are investigating a potential attack against the (software) VSA which appears to have been limited to a small number of our on-site customers only,
” Kaseya said on its website, adding that it closed “out of
caution
” some servers.
The group, which says it is "
investigating the source of the problem
", has also asked all its customers running its software on site to shut down the servers hosting this software.
Ransomware
The US Agency for Cybersecurity and Infrastructure Security (CISA) said on its own website that it was taking action "
to understand and address the recent ransomware attack
" against Kaseya's VSA software and multiple service providers. IT management who use this software. She "
encourages companies to follow Kaseya's advice, including immediately following their procedure for shutting down servers
" related to the software.
Ransomware, or "
ransomware,
" exploits security holes in a business or individual to encrypt and block their computer systems, demanding a ransom to unlock them. According to Huntress Labs, “
around 200 companies have been encrypted,
” without the group specifying the size or nature of these targeted companies. "
Based on the computer models, ransomware notes and TOR URL (the internet address used), we strongly believe
" that an affiliate of the hacker group known as Revel or Sodinokibi "
is here. 'origin of these intrusions
,' says Huntress Labs in a message posted to the Reddit forum.
Read also: Cyber attacks: why your health data is so fragile and coveted
The FBI had at the beginning of June attributed to this group the computer attack against the global meat giant JBS which had paralyzed its activities in North America and Australia for several days.
The United States has been hit in recent months by a wave of ransomware cyber attacks affecting large companies like JBS and the oil pipeline operator Colonial Pipeline, as well as local communities and hospitals.
Many of these attacks are attributed to Russian-based hacker groups operating at least with the tacit approval of the Kremlin.