A ransomware attack potentially hit hundreds of companies over the weekend of July 4, organized by the same group that tried to extort money from Apple in April.
IT management firm Kaseya has been at the center of a new ransomware attack that has targeted the software tools it produces. Florida-based Kaseya revealed that its VSA software was part of a potential security incident, which resulted in its servers crashing and informing customers to shut down their VSA servers.
Since Kaseya operates a managed service provider (MSP) platform to offer remote support and software update services to other companies, the ransomware could have been distributed using VSA servers to MSP clients. This could harm hundreds of companies using MSPs that depend on the Kaseya platform.
According to security firm Huntress, three of its MSP customers had been affected by talking to Gizmodo, which could have affected up to 200 smaller companies. "
"MSPs have thousands of delivery points that have been hit," said Huntress senior security researcher John Hammond. "When an MSP is compromised, we have seen evidence that it has spread through the VSA to all MSP customers."
The US Cybersecurity and Infrastructure Security Agency released a statement on Friday, encouraging companies to read Kaseya's warning and shut down VSA servers immediately.