On Friday, the American company "Kaseya," which provides IT management services to various businesses, suffered a cyber attack that demanded ransom from over a thousand companies using its system. This prompted a well-known retail chain in Sweden to temporarily close all of its 800 stores in the country. The Swedish company "Kop Sweden" announced that the cyber attack paralyzed its operations, which represent about 20% of the sector in the country, with sales nearing 1.5 billion euros.
Currently, it is difficult to estimate the actual scale of this cyber assault using ransomware. This type of software exploits security vulnerabilities in companies or individuals, encrypts computer systems, and demands a ransom to restore access. Kaseya detected the attack via its "VSA" software at noon on the East Coast of the United States, just before a long holiday weekend, as Monday is a public holiday. The company announced on Friday evening that the attack affected "fewer than 40 of its clients" worldwide. However, these clients in turn provide services to other companies. The attack targeted "more than a thousand companies," according to cybersecurity firm "Huntress Labs."
Kaseya, based in Miami, Florida, offers IT tools for small and medium-sized businesses, including the "VSA" tool dedicated to managing networks of servers, computers, and printers from a single source. The company has more than 40,000 clients. The U.S. Cybersecurity and Infrastructure Security Agency stated it is "closely monitoring the situation," according to cybersecurity official Eric Goldstein. Goldstein told AFP, "We are working with Kaseya and coordinating with the FBI to launch a public awareness campaign for potential victims."
Many U.S. companies have been targeted recently, including the IT firm "SolarWinds," the oil pipeline network "Colonial Pipeline," and the global meat giant "JBS," by ransomware attacks that led to production slowdowns or even halts. The FBI attributed these attacks to hackers based in Russia operating with implicit approval from the Kremlin. A cybersecurity expert from "Wevston" consulting noted that cybercriminals typically target companies individually. He added, "In this instance, they attacked a company providing IT management software, which allowed them to access dozens, if not hundreds, of companies simultaneously."
He emphasized that determining the actual number of companies affected by the attack is extremely complex as the targeted companies lose their means of communication. He continued that Kaseya, which advised its clients to shut down their systems, cannot determine whether the systems were shut down "voluntarily or by force." U.S. President Joe Biden, who ordered an investigation on Saturday, stated, "The initial thought was that this is not tied to the Russian government, but we are not sure yet." He added, "I will know more tomorrow, and if it is either knowingly and/or as a result of (actions from) Russia, I have told Putin that we will respond."
Christopher Roberti, the cybersecurity official at the U.S. Chamber of Commerce, said, "This recent ransomware attack affecting hundreds of companies is a reminder for the U.S. government to fight against these foreign criminal cyber groups."
