Ransomware attack before holiday leaves companies scrambling

Saturday was a busy day for businesses as they tried to stop a ransomware attack from crippling their computer networks. This situation was made more difficult in America by the fact that offices were not fully staffed during the Fourth of July holiday weekend.

According to SVT, Sweden's public broadcaster, most of Coop's 800 stores in Sweden were closed due to cash register problems. The Swedish State Railways and a major local pharmacy chain were also affected.

Cybersecurity experts believe the REvil gang, a major Russian-speaking ransomware organization, is behind the attack on Kaseya Software. The attackers used its network-management package to spread ransomware through cloud service providers.

Fred Voccola, Kaseya CEO, said in a statement that his company believes it has identified the root cause of the vulnerability and that it will release the patch as soon as possible to help its customers get back on track.

John Hammond of the security firm Huntress Labs said that he knew of several managed-services providers, companies that host IT infrastructure for multiple clients, being affected by the ransomware, which encrypts networks and then demands payment to the attackers.

Hammond said that it is reasonable to believe this could have an impact on thousands of small businesses. He based his estimate on service providers reaching out to him and on comments on Reddit showing how others are responding.

Voccola stated that fewer than 40 Kaseya customers are affected. However, hundreds of other companies that rely upon Kaseya's customers for their IT services could still be affected by the ransomware.

Voccola stated that the problem only affects its on-premise customers, meaning organizations with their own data centers. He said that the cloud-based services that run software for customers are not affected by the problem, but Kaseya did shut down those servers as a precaution.

Saturday's statement by the company said that ransomware victims who receive communication from the attackers should be careful about clicking on links, which could be weaponized.

Katell Thielemann, a Gartner analyst, stated that Kaseya acted quickly but that it is less clear whether its clients were as prepared.

She said that they reacted with a lot of caution. "But the truth is that this event was designed to maximize impact by combining a supply chain attack and a ransomware attack."

Supply chain attacks typically infiltrate software that is widely used and use it to spread malware.

The fact that the incident occurred during a major holiday weekend in America complicates the situation. Most corporate IT departments aren't fully staffed.

This could make it difficult for organizations to fix other security flaws, such as a Microsoft bug that affects software for printing jobs, said James Shank from threat intelligence firm Team Cymru.

He said that Kaseya customers are in the most dire situation. They are racing against the clock to apply updates for critical bugs.

Shank stated that it is reasonable to believe that the hackers planned the holiday timing.

In a statement, the federal Cybersecurity and Infrastructure Security Agency said that it was closely monitoring the situation and working with the FBI to gather more information about its effects.

CISA asked anyone affected to follow Kaseya's directive to immediately shut down VSA servers.

Privately held Kaseya is based in Dublin, Ireland, with a U.S. head office in Miami.

Experts believe that REvil was responsible for the attack. It is the same ransomware group that the FBI linked with an attack on JBS SA (a major global meat processor) during the Memorial Day weekend in May.

The group has been active since April 2019 and provides ransomware-as-a-service. This means it creates and leases ransomware to its affiliates, who infect targets and take the largest share of ransoms.

The Brazil-based meat producer said it had paid $11 million to the hackers. This escalated U.S. law enforcement's calls to bring these groups to justice.