Kaseya, a software company that provides services to more than 40,000 organizations around the world, said on Friday that it was investigating the possibility that it was the victim of a cyber attack.
The company urged customers using its systems management platform, known as VSA, to immediately shut down their servers to avoid the possibility of being compromised by attackers.
“We are experiencing a potential attack against VSA that is limited to a small number of customers on site,” the company posted on its website. “We are in the process of investigating the root cause of the incident with utmost vigilance.”
Kaseya did not respond to a request for comment.
John Hammond, a researcher at cybersecurity firm Huntress Labs, said that at least eight companies that provide security tools or technology to hundreds of other small businesses may have been “harmed” by the attack on Kaseya. He added that REvil, a Russian cybercriminal group that the FBI says is behind the hack of the world’s largest meat processor, JBS, in May, is more likely to be blamed.
Mr. Hammond said some of the affected companies have been asked for a $5 million ransom. At least 200 companies are at risk, Huntress says.
Mr. Hammond said: “Kaseya handles big business to small business globally, so ultimately it has the potential to spread to any size or scale business. This is a massive and devastating supply chain attack.”
The US Cybersecurity and Infrastructure Agency also described the incident in a statement on its website as “a supply chain ransomware attack”. It urged Kaseya customers to shut down their servers and said it was investigating.
Hackers have carried out a series of prominent cyberattacks against US companies in recent months, including JBS and Colonial Pipeline, which moves fuel along the East Coast. Both were ransomware attacks, in which hackers try to shut down systems until a ransom is paid. Video game company Electronic Arts was also recently hacked, but its data was not held for ransom.