Russian ransomware attack hits hundreds of businesses during holiday weekend—Biden admin delivers ZERO response

A widespread ransomware attack hit hundreds of businesses during the July Fourth holiday weekend and is expected to hit many more.

On Saturday, Kaseya, an information technology company, confirmed it suffered a “sophistical cyberattack” on its VSA software- a set of tools used by IT departments to manage and monitor computers remotely. Kaseya said that about 40 customers were affected. Kaseya’s software is used by large IT companies that offer contract services to many smaller businesses, which means the hack could have spread to thousands of victims.

The company told all of its nearly 40,000 customers to disconnect their Kaseya software immediately. The cybersecurity firm Huntress Labs said it tracked 20 IT companies, known as managed-service providers, that had been hit. More than 1,000 of those companies’ clients had also been affected by the hack, Huntress Labs said on Reddit.

“I wouldn’t be surprised if it was thousands of companies,” said Fabian Wosar, the chief technology officer of Emsisoft, a company that provides software and advice to help organizations defend against ransomware attacks. “We just don’t know yet because of the long weekend in the U.S.” Coop Sweden, a major grocery chain in Sweden, said on Saturday that its IT provider had been hit by an attack and that its cash registers were locked up. The company had to shut down hundreds of stores, the company said on its Facebook page.

Because of the amount of companies potentially affected, the attack could be one of the biggest in history. Researchers said REvil, the hacker group that attacked the meat processor JBS this Spring, is responsible for the attack. The attack has the possibility of increasing tensions between the United States and Russia, as it comes just weeks after President Biden met with Russian President Vladimir Putin in Geneva. Biden warned Putin that the United States will hold Moscow accountable for cyberattacks that originate in Russia. Many cybersecurity threat analysts believe REvil operates in Russia.

The U.S. Cybersecurity and Infrastructure Security Agency urged companies in a statement to follow Kaseya’s advice and said it is “taking action to understand and address the recent supply-chain ransomware attack.” “It is absolutely the biggest non-nation-state supply-chain cyberattack that we’ve ever seen,” Allan Liska, a researcher with the cybersecurity firm Recorded Future, said Friday. “And it’s probably the biggest ransomware attack we’ve seen, at least the biggest since WannaCry.”