Kaseya, a software company that gives companies to greater than 40,000 organizations world wide, stated on Friday that it was investigating the chance that it had been the sufferer of a cyberattack.
The company urged clients that use its techniques administration platform, referred to as VSA, to instantly shut down their servers to keep away from the potential for being compromised by attackers.
“We are experiencing a potential attack against the VSA that has been limited to a small number of on-premise customers only,” the company posted on its website. “We are in the process of investigating the root cause of the incident with the utmost vigilance.”
Kaseya didn’t reply to a request for remark.
John Hammond, a researcher on the cybersecurity company Huntress Labs, stated that no less than eight corporations that present safety or expertise instruments for a whole lot of different small companies might need been “compromised” by the Kaseya assault. He added that REvil, a Russian cybercriminal group that the F.B.I. stated was behind the hacking of the world’s largest meat processor, JBS, in May, was more than likely guilty.
Some of the affected corporations had been being requested for $5 million in ransom, Mr. Hammond stated. At least 200 corporations had been in danger, Huntress stated.
“Kaseya handles large enterprise all the way to small businesses globally, so ultimately, it has the potential to spread to any size or scale business,” Mr. Hammond stated. “This is a colossal and devastating supply-chain attack.”
The United States Cybersecurity and Infrastructure Security Agency additionally described the incident in a statement on its website as a “supply-chain ransomware attack.” It urged Kaseya’s clients to close down their servers and stated it was investigating.
Hackers have carried out a slate of distinguished cyberattacks in opposition to U.S. corporations in latest months, together with JBS and Colonial Pipeline, which strikes gasoline alongside the East Coast. Both had been ransomware assaults, through which hackers attempt to shut down techniques till a ransom is paid. The online game company Electronic Arts was additionally just lately hacked, however its knowledge was not held for ransom.