Ransomware group behind meat supply attack threatens hundreds of new targets – By Robert McMillan (The Wall Street Journal) / July 3 2021
Security firm says REvil hacking group targeted Kaseya software to compromise new targets
The ransomware group that collected an $11 million payment from meat producer JBS about a month ago has begun a widespread attack that could affect hundreds of organizations world-wide, according to cybersecurity experts.
The group, known as REvil, has focused its attack on Kaseya VSA , software used by large companies and technology-service providers to manage and distribute software updates to systems on computer networks, according to security researchers and VSA’s maker, Kaseya Ltd.
The use of trusted partners like software makers or service providers to identify and compromise new victims, often called a supply-chain attack, is unusual in cases of ransomware, in which hackers shut down the systems of institutions and demand payment to allow them to regain control. The Kaseya incident appears to be the “largest and most significant” such attack to date, said Brett Callow, a threat analyst for cybersecurity company Emsisoft.
Upon learning of the attack Friday, Kaseya immediately shut down its servers and began warning customers, the company said. As of Friday evening, it said, only customers running the software on their own servers, rather than users of Kaseya’s online service, appear to have been affected.
