Businesses were threatened by a cyber attack at Casey

(New York) Hackers attacked the US company Casey long before the weekend, demanding ransom from more than 1,000 companies through its IT management software.

According to computer security firm Huntress Labs, “more than 1000 companies” have been affected by this ransomware.

“Based on the number of IT service providers and the feedback we see in this thread, it makes sense to think that it could affect thousands of small businesses,” Huntress Labs said in a post on the Reddit Forum.

“We do not currently have data on the number of companies involved,” said Brett Colo, a cybersecurity expert at Emsysof. But the scale of the attack is probably “unprecedented”.

Based in Miami, Casey sells IT tools to businesses, including VSA software, to manage networks of servers, computers and printers from a single source. It claims more than 40,000 customers.

Ransomware attacks have changed frequently and the United States has been hit in recent months by attacks affecting meat giant JBS and the oil pipeline operator Colonial Pipeline, as well as hospitals in local communities and companies.

“This latest ransomware attack, which is affecting hundreds of companies, is a wake-up call for the US government to fight these foreign cybercriminal groups,” said Christopher Roberti, who is in charge of cyber security at the Chamber of Commerce American.

The U.S. Agency for Cyber ​​Security and Infrastructure Security (CISA) is “closely monitoring the situation,” said Eric Goldstein, one of its executives.

“We are working with Casey and we are coordinating with the FBI to take awareness measures on the victims,” ​​he said in a message to AFP.

Stand in line to pay

The nature of the attack is similar to that used by computer management software publisher Solar Winds, which affected US government agencies and businesses in 2020.

Unless Washington is attributed to Russian secret services, “there is a logic of action, we are here in the logic of exploitation,” stressed Gerom Billois, a cybersecurity expert from consulting firm Wavestone.

According to Huntress Labs, according to the methods used, the ransomware notes and the internet address provided by the hackers, it is affiliated with a group of hackers called Revil or Sodinokibi, which is the source of these intrusions.

The FBI has blamed the group for a cyber attack on JBS in late May.

The attack, which began on Friday, was “the most important and comprehensive I’ve ever seen in my career,” said Alfred Saikali of the law firm Shuk, Hardy & Bacon, which can help deal with this kind of situation.

It is generally recommended not to pay the ransom, he stressed. But he admits that sometimes, especially when data cannot be backed up, “there is no choice”.

If several companies choose to pay, it is not certain that the group of hackers “has the ability to conduct simultaneous conversations,” Mr. Callo also noted.

“If they stand to negotiate, the time lost is very precious.”