- The Biden Administration launches an investigation into a weekend cyberattack against US-based software giant Kaseya
- While President Joe Biden says he’s not yet certain who is behind the attack, security firm Huntress Labs pegs the blame on a Russian hacking group
- The attack, which is the largest ever of its kind, hit 40 Kaseya managed service provider (MSP) customers
- President Biden has directed the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) to help Kaseya investigate the attack
- Kaseya says it hopes to kick off the restoration process to bring its data centres online by the end of day Monday, local time
The Biden Administration has launched an investigation into a weekend cyberattack against US-based software giant Kaseya, with Russian hackers believed to be responsible.
The attack hit 40 of Kaseya’s managed service provider (MSP) customers, though the company said none of its software-as-a-service (SaaS) customers was ever at risk.
Nevertheless, the 40 customers likely indicate a significantly broader attack given MSPs often service dozens of end customers each. In light of this, the attack is the largest ever of its kind, experts say.
While the president said authorities were not certain who was behind the attack, US security firm Huntress Labs has pegged the blame on a Russian hacking group known as REvil. This is the same group blamed for last month’s large-scale cyberattack on JBS, the world’s largest meat processor.
President Biden said the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have been working with Kaseya to investigate the attack and conduct outreach to impacted victims.
The attack was a ransomware attack, which typically involves the hacker seizing control of a business’ important digital assets — like a workplace server, for example — and locking up and encrypting the asset.
The business is then ordered to pay a certain fee in order to receive a decryption code to recover their assets, lest the hackers destroy them for good.
Typically, the hackers keep their word and restore the asset once the company pays up. Such was the case for JBS, which admitted to paying some $11 million to the hackers to resolve the ransomware attack.
The exact nature of the Kaseya ransomware attack is so far unknown, but Kaseya urged customers who experienced ransomware and received communication from the attackers to avoid clicking on any links sent by the hackers, because they may be weaponised.
Huntress Labs spokesperson John Hammond called the event a “colossal and devastating” supply-chain attack and added that the cyberattack targeted more than 1000 companies around the world.
Kaseya said in its most recent update it hopes to kick off the restoration process to bring its data centres online by the end of day Monday, local time.