A multitude of companies threatened by a cyberattack in the United States

The attack paralyzed the checkouts of Coop Sweden, one of the largest supermarket chains in the country, which had to suspend its activity on Saturday.

It is difficult at this time to estimate the extent of this ransomware attack. Also called ransomware, this type of computer program exploits security holes in a company or an individual to cripple their computer systems and then demand a ransom to unlock them.

Kaseya, which on Saturday called the cyberattack sophisticated, says that it has been confined to a very small number of customers.

A long weekend

On Friday evening, the company explained that it had become aware of a possible incident involving its VSA software at midday on the American East Coast, just before a weekend extended by a public holiday on Monday.

The company then believed that fewer than 40 customers worldwide were affected.

But the latter themselves provide services to other companies.

According to the computer security firm Huntress Labs, more than 1000 companies have been affected by this ransomware.

Based in Miami, Kaseya provides IT tools for small and medium-sized businesses, including the VSA tool to manage their network of servers, computers and printers from a single source. It claims more than 40,000 customers.

The US Cybersecurity and Infrastructure Security Agency (CISA) is closely monitoring the situation, said Eric Goldstein, who is responsible for cybersecurity within the organization.

"We work with Kaseya and coordinate with the FBI to conduct outreach to victims who may be affected," he added in a message sent to AFP.

Frequent attacks

Ransomware attacks have become frequent, and the United States has been particularly hard hit in recent months by attacks affecting large companies such as meat giant JBS and the oil pipeline operator Colonial Pipeline, as well as local communities, companies and hospitals.

Many experts believe that the hackers behind these attacks are often based in Russia. Moscow, suspected of covering for or even being associated with their activities, denies any involvement.

But the phenomenon is growing to such an extent that it was one of the main points raised by US President Joe Biden during his meeting in mid-June with his Russian counterpart Vladimir Putin.

Joe Biden, who on Saturday ordered an investigation, said that "the first thought was that it was not the Russian government, but we are not sure yet."

"This latest ransomware attack affecting hundreds of businesses is a wake-up call for the US government to tackle these foreign cybercriminal groups," said Christopher Roberti, who is in charge of cybersecurity at the American Chamber of Commerce.

A logic of extortion

The nature of the attack is similar to the one that targeted the IT management software publisher SolarWinds, which affected government organizations and American businesses at the end of 2020.

"But usually cybercriminals work business by business," notes Gérôme Billois, cybersecurity expert at the consulting firm Wavestone.

"In this case, they attacked a company that provides computer systems management software, which allows them to simultaneously reach several dozen or even hundreds of companies," he explains.

"It is complicated to determine the exact number, because in this kind of situation, the affected companies lose their means of communication," adds Mr. Billois. And Kaseya, which has asked its customers to shut down all their systems, "can't tell if their system has shut down willingly or by force," he explains.

According to Huntress Labs, based on the methods used, the ransomware notes and the internet address provided by the hackers, an affiliate of the hacker group known as REvil or Sodinokibi is believed to be behind these intrusions.

The FBI blamed this group for the cyberattack on JBS in late May.

"The attack launched on Friday is one of the most important and extensive I have seen in my career," says Alfred Saikali, of the law firm Shook, Hardy & Bacon, which is used to dealing with such situations.

"It is generally recommended not to pay the ransom," he emphasizes. "But sometimes, especially when the data cannot be saved, there is no choice," he admits.

If several companies choose to pay, it is not certain that the hacker group has the ability to manage simultaneous conversations, Mr. Callow also remarks.

If they have to stand in line to negotiate, the time lost can be very expensive.
