There has been extensive coverage over the weekend of the massive ransomware attack, that began at the US-based IT firm Kaseya. The attackers managed to infect a software update for Kaseya’s VSA product that went out to customers on Friday with REvil ransomware. This not only affected these firms, but also their customers. One of the most high-profile European casualties so far is the Swedish Coop supermarket chain, which had to close over half of its 800 stores because point-of-sales systems had stopped working. Whilst Coop is not a customer of Kesaya, it is believed that one of their software suppliers is.
Kesaya acted swiftly to shut down cloud-based services and to advise clients to shut down their on-premises VSA servers; but it appears that considerable damage had already been done. Kesaya are stressing that only a small number of their customers are affected, but experts estimate that over 200 companies globally have been infected. At the time of writing, cloud-based services were still suspended and clients running VSA on-premises were still waiting for a security patch.
The Kaseya incident is part of a growing trend of “supply-chain attacks”, where criminals propagate ransomware along the supply-chain to infect multiple victims. The method has proved highly successful so far, which will likely encourage more of these attacks in the future.