United States: over 1,000 companies threatened by giant cyberattack

It is difficult to estimate the scale of this giant cyberattack which is already affecting several continents. Hackers attacked US company Kaseya on Saturday July 3, just before US National Day, to demand ransom from potentially more than 1,000 companies.

First direct consequence: the attack has already caused the closure of 800 stores in Sweden. The attack has indeed paralyzed the checkouts of Coop Sweden, one of the largest supermarket chains in the country, which had to suspend its activity on Saturday, its checkouts being paralyzed by the attack.

Hackers used ransomware, also known as “ransomware,” a type of computer program that exploits a company’s security holes to cripple its computer systems and then demand a ransom to unlock them.

Moscow, suspected, denies any involvement

According to many experts, the hackers behind this type of ransomware attack are often based in Russia. Moscow, suspected of covering or even being associated with their activities, denies any involvement.

But the phenomenon is growing to such an extent that it was one of the main points raised by US President Joe Biden during his meeting in mid-June with his Russian counterpart Vladimir Poutin.

Joe Biden, who on Saturday ordered an investigation, said “the first thought was that it wasn’t about the Russian government, but we’re not sure yet.”

“If it turns out that this happened when Russia knew about it and / or it was Russia’s fault, then I told Putin that we will respond,” the US president said. .

An “unprecedented” attack

Based in Miami, Kaseya sells IT tools to businesses, including VSA software for managing networks of servers, computers and printers from a single source. It claims more than 40,000 customers.

Kaseya, who realized Friday at midday on the American east coast of a possible incident on its VSA software, assured that it had been circumscribed “to less than 40 customers in the world”.

But the latter themselves provide services to other companies, which allows hackers to leverage their attack.

According to the computer security company Huntress Labs, “more than 1,000 companies” have been affected by this ransomware.

“We currently have no data on the number of companies involved,” notes Brett Callow, cybersecurity expert at Emsisof. But the scale of the attack is probably “unprecedented”.

A national security problem

Ransomware attacks have become frequent and the United States has been particularly hit in recent months by attacks affecting large companies such as the meat giant JBS and the oil pipeline operator Colonial Pipeline, as well as local communities and companies. hospitals.

>> To see: Cyber ​​attack in the United States: the Biden administration on the offensive

“This latest ransomware attack which affects hundreds of companies is a reminder for the US government, which must fight against these foreign cybercriminal groups,” said Christopher Roberti, in charge of cybersecurity at the Chamber of Commerce American.

The US Agency for Cybersecurity and Infrastructure Security (CISA) “is closely monitoring the situation,” said Eric Goldstein, one of its officials.

“We are working with Kaseya and we are coordinating with the FBI to carry out awareness campaigns with victims who may be affected,” he added.

“a logic of extortion”

The nature of the attack is similar to that used with the software publisher SolarWinds, which in 2020 affected government organizations and American businesses.

Except that the latter, attributed by Washington to the Russian secret services, was rather “in a logic of espionage, while we are here in a logic of extortion”, underlines Gérome Billois, cybersecurity expert from the consulting firm Wavestone.

According to Huntress Labs, according to the methods used, the ransomware notes and the internet address provided by the hackers, it is an affiliate of the group of hackers known as REvil or Sodinokibi that is at the origin of these intrusions.

The attack launched on Friday is “one of the most important and extensive that I have seen in my career,” said Alfred Saikali, of the law firm Shook, Hardy & Bacon, which is used to dealing with this kind of situations.

It is generally recommended not to pay the ransom, he emphasizes. But sometimes, especially when the data cannot be backed up, “there is no choice,” he admits.

With AFP