The “colossal” ransomware attack last week on software manager Kaseya, an international company that remotely controls software programs for businesses, could end up affecting many more than the reported 200 U.S. companies after all the dust has settled, according to a security firm researcher.
John Hammond, a senior security researcher at cybersecurity firm Huntress Labs, said that while it is unclear how many firms will end up victimized by last Friday's attack, it would be reasonable to expect the current number to rise manyfold.
“It’s reasonable to think this could potentially be impacting thousands of small businesses,” Hammond told NBC News. In a direct message on Twitter, Hammond told NPR that, “Kaseya handles large enterprise all the way to small businesses globally, so ultimately, (this) has the potential to spread to any size or scale business.”
“This is a colossal and devastating supply chain attack,” Hammond added.
Brett Callow, a ransomware expert at another cybersecurity firm, Emsisoft, echoed sentiments regarding the size of the attack, noting that he’d never seen anything of this scale.
“This is SolarWinds with ransomware,” Callow told NPR.
Other experts suggested that the attacks were specifically timed for the July 4th holiday weekend, when IT or cybersecurity staffing is potentially lower than in a typical week and teams are less capable of a quick response.
And despite the focus on U.S. companies, international companies have also been affected; one of Sweden’s largest grocery chains had to temporarily close nearly all of its 800 stores.
Cybersecurity experts say that the affected computers and malware show similar patterns to those utilized by ransomware gang REvil, which has orchestrated supply chain hacks like this one in the past.
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has also issued a statement saying that they are “taking action to understand and address the recent supply-chain ransomware attack against Kaseya VSA and the multiple managed service providers (MSPs) that employ VSA software.”
Exterro often emphasizes the importance of third-party vendor management, and ensuring that you know which third parties have access to what types of data. Having that information on hand helps to make the ensuing breach response processes (including notification of affected parties) a little less onerous—and in situations like this, everyone could use a little less stress.
Breach Management software like Exterro's integrated solution enables you to be confident that your incident and breach response process is both documented and defensible. Leveraging the NIST Standards Playbook, Exterro bridges the gap between Information Security, IT and your Legal team to ensure a comprehensive and documented process. It eliminates current ad-hoc, risky approaches, delivering greater predictability, transparency and speed to resolution.
With incidents on the rise, businesses must seek the right technology to help handle breaches.