Many companies in the United States are threatened by a cyber attack

Kasaya called the cyber talk on Saturday a Advanced, Which ensures that it is circumcised For a very small number of customers.

Long weekend

On Friday evening, the company explained that it had realized a possible event in its VSA software on the American East Coast in the afternoon, extending the public holiday Monday to the weekend.

That company believes that Fewer than 40 customers worldwide Affected.

But later they provide services to other companies.

According to a company that specializes in computer security Huntress Labs, More than 1000 companies Affected by this ransomware.

Based in Miami, Casey provides IT tools for small and medium-sized businesses, including the VSA tool to manage the network of their servers, computers and printers from a single source. It claims more than 40,000 customers.

US Agency for Cyber ​​Security and Infrastructure Security (CISA) Examine the situation closely, Said Eric Goldstein, who is responsible for cybersecurity in the organization.

We will work with Casey and coordinate with the FBI to get victims affected., He added in a message sent to AFP.

Frequent attacks

Ransomware attacks have changed frequently and the United States has been hit in recent months by attacks affecting meat giant JBS and the oil pipeline operator Colonial Pipeline, as well as hospitals in local communities and companies.

Many experts believe that the hackers behind these attacks often stay in Russia. Moscow, which is suspected of having or is associated with their activities, has denied any involvement.

This was one of the main issues raised by US President Joe Biden during a meeting with his Russian rival Vladimir Putin in mid-June.

Joe Biden, who ordered an investigation Saturday, made the remarks The first thought is that this is not about the Russian government, but we do not know yet.

This latest ransomware attack affecting hundreds of businesses is a wake-up call to the US government to address these foreign cybercriminal groups, Christopher Roberty, who is in charge of cybersecurity at the American Chamber of Commerce, ruled his part.

The logic of exploitation

The nature of the attack is similar to that used with the IT management software publisher Solar WindsThis will affect government agencies and American businesses by the end of 2020.

But in general Cybercriminals do business through business, Recalled Jerome Billois, a cybersecurity expert at consulting firm Wavestone.

In this case, they attacked a company that provided computer systems management software, which could reach several dozen or hundreds of companies at once., He explains.

Determining the exact number is complicated because in this kind of situation, the affected companies lose their means of communication, Mr. Belois adds. And Kasaya, who asked his customers to shut down all of their systems, could not say whether their system was shut down. Willingly or forcibly, He explains.

According to Huntress Labs, According to the methods used, the ransomware notes and the internet address provided by the hackers, known as the affiliates of the Digital Buccaneer group Damn Or Sodinokibi It lies at the source of these intrusions.

The FBI has blamed the group for a cyber attack on JBS in late May.

The attack began on Friday The most important and extensive I have ever seen in my career, Says Alfred Saikali of a law firm called Shuk, Hardy & Bacon, which is accustomed to dealing with such situations.

It is generally recommended not to pay the ransom, he stressed. But sometimes, especially when data cannot be saved, No choice, He agreed.

If many companies choose to pay, it is not certain that it is a hacker group Has the ability to manage simultaneous conversations, Mr. Kalov also commented.

If they have to stand up for negotiations, the time lost is very expensive..