This archive report was first published on 3 July 2021.
July 3, 2021 - A devastating cyberattack has hit hundreds of US businesses, with a US IT company, Kaseya, urging its customers to shut down their servers immediately.
Kaseya, a leading provider of IT and security management services to small and medium-sized businesses, said the attack was limited to a 'very small percentage' of its customers who use its VSA software, with fewer than 40 affected worldwide.
However, cybersecurity firm Huntress Labs had earlier reported that around 200 businesses had been encrypted, with the attackers believed to be from the notorious hacking group REvil.
REvil was also behind the recent attack on JBS, one of the world's biggest meat processors, which ended with the Brazil-based company paying bitcoin worth $11 million to the hackers.
The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning, urging businesses to follow Kaseya's guidance and quickly shut down VSA servers to avoid having systems compromised.
Kaseya lists a US headquarters in Florida and an international headquarters in Ireland, and the company has become aware of a possible incident with VSA at midday on the US east coast.
According to the New Zealand government's Computer Emergency Response Team, the attackers were from a hacking group known as REvil, which has been linked to several high-profile ransomware attacks in recent months.