Ransomware attack of 200 firms by group behind Apple extortion attempt

A ransomware attack by the same group that attempted to extort Apple in April has potentially impacted hundreds of companies on the July 4th weekend.

On Friday, it was revealed that IT management firm Kaseya has been the focus of a new ransomware attack involving software tools it produces. The Florida-based Kaseya disclosed that its VSA software was part of a potential security incident, prompting it to shut down its servers and notify customers to shut down related VSA servers.

As Kaseya operates a platform for managed service providers (MSPs) to offer remote support and software update services to other businesses, ransomware could have been distributed using VSA servers to MSP clients. This has the potential to harm hundreds of companies that use MSPs that rely on Kaseya's platform.

According to security firm Huntress speaking to Gizmodo, three of its MSP clients had been affected, which could have affected as many as 200 smaller firms.

"MSPs with over thousands of endpoints are being hit," said Huntress senior security researcher John Hammond. "When an MSP is compromised, we've seen proof that it has spread through the VSA into all the MSP's customers."

The U.S. Cybersecurity and Infrastructure Security Agency issued a release on Friday, encouraging companies to read Kaseya's advisory and to shut down VSA servers immediately.

One very public victim of the attack is Sweden's supermarket chain Coop, which closed approximately 500 stores out of its 800 branches on Saturday while repairs were made to computer systems affected by the attack. Coop's MSP was Visma, which used the Kaseya suite.

According to Huntress, it is believed that the attack was caused by the ransomware hacking group "REvil," a well-known cybercriminal outfit. The group has a string of attacks to its name, including allegedly extorting $11 million out of meat supplier JBS after work at 13 processing plants ground to a halt.

In April, the group claimed it was "negotiating the sale of large quantities of confidential drawings of personal data with several major brands," and wanted Apple to pay a ransom to buy back data. The group also threatened to publish new data every day until the ransom was paid.

The group seemed to obtain its schematics from Apple supply partner Quanta Computer, and asked Quanta for $50 million. It is unknown how much it asked Apple for the data.
