Cybersecurity company Huntress Labs said on Friday that 200 companies have been affected by ransomware attacks after the US IT company Kaseya’s incident in Miami.
Kaseya said in a statement posted on her own website that she is investigating a “possible attack” on a tool widely used to access the U.S. corporate network.
In the statement, Kaseya stated that its VSA tools are used by IT professionals to monitor and manage servers, desktops, network devices, and printers, and may be attacked.
In response, it stated that it had shut down some of the infrastructures, and urged customers who use VSA in its facilities to shut down their servers immediately.
“This is a huge and devastating supply chain attack,” Huntress senior security researcher John Hammond said in an email, referring to the increasingly compelling technique for hackers to hijack a piece of software.
Hammond added that because Kaseya is connected to everything from large companies to small businesses, “it has the potential to expand to businesses of any size or scale.”
Reuters could not immediately contact Kaseya’s representatives for further comment. Huntress stated that he believes that the Ravil ransomware group linked to Russia is the culprit in the latest ransomware outbreak. The FBI accused the group of paralyzing the meat processor JBS last month.
The email sent to the hacker seeking comment did not return immediately. In a statement, the US Cybersecurity and Infrastructure Security Agency stated that it is “taking measures to understand and resolve the recent supply chain ransomware attacks against Kaseya’s VSA products.”
The supply chain attack has been placed at the top of the cyber security agenda. Previously, hackers were alleged to have operated a network monitoring tool developed by Texas software company SolarWinds under the guidance of the Russian government.
Kaseya’s products have 40,000 customers, but not everyone uses the affected tools.