A ransomware attack on a Florida-based software management firm impacted some 200 companies and is being investigated by federal authorities.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) said on Twitter that it “is taking action to understand and address the supply-chain ransomware attack against Kaseya” and several managed service providers that use the company’s software.
Kaseya alerted its customers at 2 p.m. EDT on Friday about a “potential attack” against its VSA software.
“We are experiencing a potential attack against the VSA that has been limited to a small number of on-premise customers,” the brief alert said.
“We are in the process of investigating the root cause of the incident with an abundance of caution but we recommend that you IMMEDIATELY shut down your VSA server until you receive further notice from us,” the notice continued. “It’s critical that you do this immediately because one of the first things the attacker does is shut off administrative access to the VSA.”
Security firm Huntress said on Reddit it has so far identified eight managed service providers affected by the hack. The firm said it was too early to say if Kaseya had been hacked.
“Our team has been in contact with the Kaseya security team for the past hour. They are actively taking response actions and feedback from our team as we both learn about the unfolding situation,” the post by Huntress said.
Huntress separately told Reuters that 200 companies are affected.
“This is a colossal and devastating supply chain attack,” Huntress senior security researcher John Hammond said in an email to Reuters.
Hammond added that because Kaseya is plugged in to everything from large enterprises to small companies “it has the potential to spread to any size or scale business.” Many managed service providers use VSA, although their customers may not realize it, experts said.
Some employees at service providers said on discussion boards that their clients had been hit before they could get a warning to them.
The Epoch Times reached out to Kaseya for comment.
A private security executive working on the response effort said that ransom demands accompanying the encryption ranged from a few thousand dollars to $5 million or more.
The corruption of an update process shows a marked escalation in sophistication from most ransomware attacks, which take advantage of security loopholes such as common passwords without two-factor authentication.
Kaseya has 40,000 customers for its products, though not all use the affected tool.
Reuters contributed to this report.