Kaseya, a software company that provides services to more than 40,000 organizations around the world, said Friday that it is investigating the possibility of being a victim of a cyber attack.
The company has requested customers using its VSA systems management platform to shut down their servers immediately to avoid the possibility of compromise by an attacker.
“We are witnessing a potential attack against the VSA that is limited to only a small number of local customers,” the company wrote on its website. “We are in the process of investigating the cause of the incident with the utmost vigilance.”
Kaseya did not respond to a request for comment.
John Hammond, a researcher at cybersecurity firm Huntress Labs, said at least eight companies that provide security or technology tools to hundreds of other small businesses may have been “compromised” by the Kaseya attack. He added that REvil, a Russian cybercriminal who the FBI said was behind the hacking of the world’s largest meat processor, JBS, in May, was most likely to blame.
Some of the affected companies have been asked for a $ 5 million ransom, Hammond said. At least 200 companies are at risk, said Huntress.
“Kaseya serves large businesses to small businesses around the world, so it ultimately has the potential to expand to businesses of all sizes and sizes,” said Hammond. “This is a colossal and devastating attack on the supply chain.”
The US Cybersecurity and Infrastructure Security Agency also described the incident in a statement on its website as a “supply chain ransomware attack”. It asked Kaseya’s customers to shut down their servers and said it was being investigated.
Hackers have carried out a number of prominent cyberattacks against US companies in the past few months, including JBS and Colonial Pipeline, which are hauling fuel along the east coast. Both were ransomware attacks in which hackers attempted to shut down systems until a ransom was paid. Video game company Electronic Arts was also recently hacked, but its data was not held for ransom.