The recent ransomware attack in Kaseya was suspected to be related to the famous hacking group, REvil. Huntress Labs, a cybersecurity firm said that the latest cybercrime has affected at least 200 companies.

Kaseya, one of the leading companies when it comes to IT security and management have been hit by an unforeseen cyberattack. Since it has access to the programs of various firms, the data from the said organizations could be in danger of being stolen, hacked, or altered.

Kaseya Cyberattack

REvil Ransomware Believed to be Responsible For Kaseya Cyberattack Involving At Least 200 Companies
(Photo : Christin Hume from Unsplash )
Experts suspected that the recent ransomware attack on Kaseya was connected to the REvil ransomware gang.

In a report by ZDNet on Friday, July 2, Kaseya immediately urged its customers to close their VSA servers after the suspected REvil ransomware attack.

According to the Huntress Labs' senior security researcher, John Hammond, the cyber attackers managed to hack at least four of Kaseya's customers.

At the moment, there is no official number of the victims who might have been hit by the ransomware gang. For the estimation, Hammond said that the total number was already near 200 and it will continue to escalate as the investigation progresses.

Analysts thought that the cybercriminals had done the malicious scheme as the weekend approached July 4. The cyber attackers could intentionally launch the attack on the upcoming holiday due to the decline in the number of cybersecurity experts. This would give the gang more time and freedom to inject the malware into the systems.

Read Also: 'Ransomware Readiness Assessment' Tool Allows Users to Check How Strong They Are Against Cyberattacks

Data Backups

No one knows when a ransomware attack will hit. That's why it's always important to have a specific backup for the clients' files. According to SoCal Computers founder Alex Dittemore, he has successfully kept some backups to the clients who were hit by the massive cyberattack.

Dittemore said that he has not yet started restoring all the systems. He would do that until Kaseya gives further information about the ransomware attack. Moreover, he added that it's a "little frustrating" knowing that they have not heard some news from Kaseya lately.

"I've got 300, 400 people on Tuesday that are expecting to come back to work. It would be nice if we could get some kind of decryption key or golden bullet," Dittemore said.

What Does Ransomware on Kaseya Do?

According to NBC, the ransomware has similarities with REvil that's why security experts suspected that it was affiliated with the notorious cybercriminal gang. The malware is used for encryption of the computers used by the clients.

Previously, the Russian hackers were involved in the attack on many companies. They targeted computers and infected many to increase their coverage in the systems.

At the moment, the US Cybersecurity and Infrastructure Security Agency said that it is now addressing what happened to the software manager.

In an emailed statement, CISA's executive assistant director for cybersecurity, Eric Goldstein said that they are now monitoring the issue. They will also coordinate with the FBI for further concerns about the recent ransomware attack.

Related Article: Babuk Locker Ransomware Targets Victims Around the World; Demands $210 as Ransom

This article is owned by Tech Times

Written by Joseph Henry

ⓒ 2021 All rights reserved. Do not reproduce without permission.