Kaseya hack floods hundreds of companies with ransomware | TechCrunch

A flood of ransomware hit hundreds of businesses around the globe on Friday. The file-encrypting malware disrupted operations at hundreds of companies and forced some of them to close.

They all had one thing in common: they were running Kaseya's remote monitoring and network management software. The Miami-based company develops software for managing IT networks and devices remotely. That software is sold to managed service providers, effectively outsourced IT departments, which use it to manage the networks of their own customers, often smaller businesses.

Hackers associated with the Russia-linked REvil ransomware-as-a-service operation are believed to have exploited a previously unknown security flaw in the software's update mechanism to push ransomware to Kaseya's customers, from where it spread downstream to their customers in turn. Many of the companies that ended up as victims might not have known that Kaseya's software was being used to monitor their networks.

On Friday, Kaseya advised customers to shut down their on-premises servers immediately. Its cloud service, though not thought to be affected, was taken offline as a precaution.

"[Kaseya] demonstrated a sincere commitment to doing the right thing. We were unfortunately defeated by REvil in our final sprint." Security researcher Victor Gevers

John Hammond, a senior security researcher at Huntress Labs, said that about 30 managed service providers were affected, which allowed the ransomware to spread to more than 1,000 businesses. Kaseya said in an update on Monday night that about 60 of its customers had been affected, putting the number of downstream victims at fewer than 1,500.

It is now becoming clearer how the hackers pulled off the largest ransomware attack in recent history. Dutch researchers discovered several zero-day vulnerabilities in Kaseya's software during an investigation into the security of web-based administration tools. Zero-days are so called because the vendor has had zero days to fix the flaw before it is exploited.

Victor Gevers, head of the research group, said that Kaseya was already working on fixes for the bugs when the hackers struck.

Fred Voccola, Kaseya's chief executive, told The Wall Street Journal that the company's own corporate systems had not been compromised. That lends weight to security researchers' working theory that each of Kaseya's customers' servers was compromised separately through a common vulnerability. The company said that all servers running the affected software must be kept offline until a patch is available; Voccola told the paper that patches would be available by Monday night.

The attack began late Friday afternoon, just as millions of Americans were heading into the long July Fourth weekend. Adam Meyers, CrowdStrike's senior vice president of intelligence, said the attack was precisely timed.

"It is not accidental that the timing and target for this attack were chosen," Meyers said. "It is a Big Game Hunting attack, launched against a target to maximize profit and impact through a supply chain on a holiday weekend when defenses are down."

Over the weekend, a notice posted on a dark web site known to be run by REvil claimed responsibility for the attack and said the group would release a decryption tool if it received $70 million in bitcoin. The group claims that more than one million systems were infected.