Major cyber attack hits 200 American businesses

Hundreds of American businesses were hit on Friday by a sophisticated attack that hijacked widely used technology management software from IT firm Kaseya.

Joe Biden has directed US intelligence agencies to investigate a sophisticated ransomware attack that hit hundreds of American businesses as the Fourth of July holiday weekend began. 

Huntress Labs, a cybersecurity company, said on Friday that 200 American businesses were hit after an incident at the Miami-based IT firm Kaseya. 

The hackers hijacked widely used technology management software from a supplier, Kaseya, which has headquarters in Dublin and Miami. They changed a tool called VSA, used by companies that manage technology at smaller businesses, then encrypted the files of those providers’ customers.

Kaseya said it was investigating a “potential attack” on VSA, which IT professionals use to manage servers, desktops, network devices, and printers.

International effects

The effects were felt not only in America but internationally too. In Sweden, most of the grocery chain Coop’s 800 stores were unable to open because cash registers weren’t working, according to the public broadcaster. State railways and a major pharmacy chain were also affected.

A spokeswoman for Coop Sweden told the BBC: "We first noticed problems in a small number of stores on Friday evening around 6:30pm so we closed those stores early. Then overnight we realised it was much bigger and we took the decision not to open most of our stores this morning so that our teams could work out how to fix it.

"The whole paying system at our tills and our self-service checkouts stopped working so we need time to reboot the system."

The supermarket itself was not targeted by hackers, but is one of a growing number of organisations affected by an attack on a large software supplier the company uses indirectly.

According to a company update on Saturday night, Kaseya received only a single report of a new infection on Saturday, from a client who had left their VSA server on.

“We are confident we understand the scope of the issue and are partnering with each client to do everything possible to remediate. We believe that there is zero related risk right now for any VSA client who is a SaaS customer or on-prem VSA customer who has their server off,” the company wrote.
