President Joe Biden stated on Saturday that he has instructed intelligence agencies to look into a ransomware assault that had struck hundreds of American firms as the weekend began.
Huntress Labs, a security firm, believes the assault, which hit software platform Kaseya and a number of small businesses on Friday, was carried out by the Russia-linked REvil ransomware group. The FBI implicated the same gang for the attack on meatpacker JBS last month.
Kaseya confirmed Saturday morning that it suffered a “sophisticated cyberattack” on its VSA software — a set of tools used by Information Technology departments to manage and monitor computers remotely. About 40 percent of its customers had been affected.
The attack was felt internationally and is likely to affect more businesses.
The VSA software is used by large IT companies offering their services to hundreds of small businesses, potentially spreading the hack to thousands of victims.
Combining two tactics deployed by hackers — supply chain attacks and ransomware — the hackers managed to use Kaseya’s VSA platform to get into other companies’ systems and deploy ransomware.
Kaseya told all of its 40,000 customers to disconnect the software immediately.
The attack could be one of the biggest in history and increase tensions between the United States and Russia.
On a visit to Michigan Saturday, Biden was asked about the hack while shopping for pies at the cherry orchard.
“The initial thinking was it was not the Russian government but we’re not sure yet,” he said.
Biden added that the U.S. would respond if it determined Russia was to blame.