Hackers have attacked the US-based company Kaseya in order to demand ransom from more than 1,000 companies through the VSA software it markets. The attack disabled updates at Coop Sweden, one of the nation’s largest supermarket chains, which shut down its operations on Saturday, July 3 and closed 800 stores. The extent of this ransomware attack is difficult to estimate at this time.
This type of computer program, also known as “ransomware”, exploits security holes at a company or an individual to disable their computer systems and then demands a ransom to unlock them. Kaseya describes the attack as “sophisticated” and confirms that it has been circulated “for a very small number of customers”.
On Friday evening, the company explained that it had become aware of a possible incident involving its VSA software in the afternoon on the US East Coast, just before a weekend extended by a public holiday on Monday. The company then said that “fewer than 40 customers worldwide” were affected. But the latter provide services to other companies.
According to IT security firm Huntress Labs, “more than 1,000 companies” are affected by this ransomware. Based in Miami, Kaseya provides IT tools to small and medium-sized businesses, including the VSA tool, designed to manage a network of servers, computers and printers from a single source. It has more than 40,000 customers.
Officers are watching
The US Cybersecurity and Infrastructure Security Agency (CISA) is “monitoring the situation closely”, said Eric Goldstein, head of cyber security at the organization. “We are working with Kaseya to coordinate with the FBI to raise awareness among the victims”, he added in a message.
Joe Biden, who ordered a hearing Saturday, said that the “first impression is that it is not about the Russian government, but we are not sure yet”. “I will know more tomorrow”, he said. “I told Putin that if Russia knew about this and/or it was Russia’s fault, we would respond.”
Ransomware attacks are frequent, and in recent months the United States has been particularly vulnerable, with attacks affecting meat companies such as JBS and the oil pipeline operator Colonial Pipeline, as well as large corporations and hospitals.
But in general “cybercriminals run business by business”, recalled Jerome Billois, cybersecurity expert at consulting firm Wavestone. “In this case, they attacked a company that provides computer systems management software, which allows it to reach dozens or hundreds of companies at once”, he explains.
Determining the precise extent is difficult because companies affected by this kind of situation lose their means of communication, says Mr. Billois. And Kaseya, which asked its customers to shut down all of their computers, could not say whether their computers were shut down “by will or force”, he explains.
The logic of extorting money without spying
The nature of this attack is similar to the one against the IT management software publisher SolarWinds, which affected U.S. government agencies and businesses at the end of 2020. The latter, attributed by Washington to the Russian secret services, was on the contrary “in the logic of intelligence; we are in the logic of extortion here”, Mr. Billois underlines.
According to Huntress Labs, based on the methods used, the ransomware specifications and the web address provided by the hackers, these intrusions are linked to a group of hackers known as REvil or Sodinokibi. In early June, the FBI attributed a computer attack against JBS to the group.
The attack that began on Friday is “one of the most important and comprehensive I’ve ever seen in my life”, says Alfred Saikali of Shook, Hardy & Bacon, a law firm accustomed to dealing with situations like this. “I have never seen so many companies contact us on the same day for this type of attack”, he said. It is generally recommended not to pay the ransom, he insists. But sometimes, especially when data cannot be stored, “there is no other way”, he acknowledges.
This attack is “a wake-up call for the US government to fight these foreign cybercriminals”, said Christopher Roberts, who is in charge of cyber security at the US Chamber of Commerce.