Ransomware hack at IT provider Kaseya hits clients worldwide

Ransomware attacks on US-based tech giants are becoming increasingly common these days, and have been putting some major services at risk. A few months ago, ransomware hacking group DarkSide invaded the systems at Colonial Pipeline, the largest fuel pipeline in the United States, which led to a days-long shutdown, finally resulting in a hike in fuel prices as reserves dried up. And now, the latest (and apparently one of the largest) money-seeking hack that has jeopardized a US firm happens to have attacked another tech giant. IT provider Kaseya was hit with a huge ransomware attack on Saturday.

Domino Effect?

The attack, which was unusually sophisticated, sent ripples throughout the world on Saturday. So large and wide-reaching was its impact that Coop, a grocery store chain all the way in Sweden, was forced to shut down all 800 of its retail outlets, as it couldn’t operate its cash registers, which rely on services from Kaseya.


The attack in question invaded the VSA, the desktop management tool operated by the company. Hacking group REvil is the prime suspect, as of now. The matter first came to light through Huntress Labs, and was later reported by Reuters.

It is said that many small-scale firms might have been affected in the wake of the attack. However, Kaseya has said that only around 40 per cent of its direct client base was impacted. The Miami-based company is currently working with the Federal Bureau of Investigation (FBI) to ascertain the extent of the harm done.

The Bureau has released a statement asking companies that have been affected to employ “the recommended mitigations” and shut down their VSA servers as soon as possible by following the guidelines issued by Kaseya itself. A working partnership has also been forged with the Cybersecurity and Infrastructure Security Agency in the US for the investigation.

End Users Affected, Hit With Ransom Demands

The cyberattack was unique in the sense that the malicious file uploaded onto the VSA tool did not stay localized at the IT service provider. Instead, it made its way to the files stored at the user end as well, sending out messages asking for thousands and millions of dollars as ransom.

In Coop’s case, the affected tool was crucial for automatically updating checkout tills. This prevented it from accepting payments, as per a statement by spokesperson Therese Knapp. While Coop isn’t a direct client of the Miami firm itself, it does make use of services provided by Visma Esscom, a Swedish company that provides support to a number of businesses and uses the technology supplied by IT provider Kaseya.