A massive ransomware attack on the software supply chain has impacted more than 1,000 businesses so far, and the number may continue to grow, according to the cybersecurity firm Huntress Labs Inc. The attack has focused on managed service providers, which provide IT services primarily to small- and medium-sized businesses. Such attacks can have a multiplying effect, since the hackers may then gain access and infiltrate the MSPs’ customers too. So far, more than 20 MSPs have been affected, said John Hammond, a cybersecurity researcher at Huntress Labs.
The impact of the attack is only beginning to come to light. In Sweden, a majority of grocery chain Coop’s more than 800 stores couldn’t open on Saturday after the attack led to a malfunction of their cash registers, spokesperson Therese Knapp told Bloomberg News. The hackers were identified as the Russia-linked ransomware group REvil, which was accused last month of hacking giant meatpacker JBS SA. There are victims in 11 countries so far, according to research published by cybersecurity firm ESET. The hackers appear to have targeted Kaseya Ltd., a Miami-based developer of software for managed service providers, as a way to attack its customers, according to cybersecurity experts. “What makes this attack stand out is the trickle-down effect, from the managed service provider to the small business,” Hammond said. “Kaseya handles large enterprise all the way to small businesses globally, so ultimately, it has the potential to spread to any size or scale business.”
In a statement, Kaseya said it has notified the FBI. The company said it had so far identified less than 40 customers that were impacted by the attack. Two of the affected MSPs include Synnex Corp. and Avtex LLC, according to two people familiar with the breaches. Avtex President George Demou told Bloomberg News in a text message on Friday night, “Hundreds of MSPs have been impacted by what appears to be a Global Supply Chain hack.”