At least two hundred companies have been affected by a major ransomware attack. According to news agency Bloomberg, the attack is still ongoing and is being carried out by the Russian-affiliated hacker group REvil, which was also behind the attack on a Brazilian meat processor in May.
The ransomware is most likely distributed via Kaseya's remote IT management software. It is not clear exactly which countries the affected companies are in, but a large number of them are certainly in the United States.
The National Cyber Security Center (NCSC) in The Hague advises companies to disable Kaseya’s VSA product. According to the NCSC, VSA is widely used by service providers that provide ICT support to other companies.
“This is one of the most sweeping non-state attacks we’ve ever seen,” security expert Andrew Howard of Switzerland’s Kudelski Security told Bloomberg. “It seems purely intended to take money from me.”
The American cybersecurity company Huntress Labs has identified eight so-called managed service providers that are struggling with ransomware incidents. All these service providers use VSA. The two hundred companies affected by the hack are all customers of those managed service providers. The ransom demanded can be as high as $5 million per company, according to Huntress Labs.