The attack on the American company Kasaya took place shortly before American Independence Day. According to experts, more than 1000 companies could be affected, which is already evident in Sweden and Germany.
Um The United States had a colonial oil pipeline And the largest U.S. subsidiary in the world Meat producer J.P.S. Become. Now it’s the turn of the American IT company Ghazia – this time with repercussions as far as Europe.
In the US, yesterday, Sunday, shortly before US Independence Day, ransomware cyber attack in Ghazia certainly predicts the game. US President Joe Biden said on Saturday afternoon (local time) that he did not suspect the Russian government was behind the attack. However, in the meantime, one is “not sure” about this. According to experts, more than a thousand companies could be affected by this attack. Hundreds of supermarket branches had to be closed in Sweden.
Biden commissioned US intelligence to investigate the case. “The original explanation was that it was not about the Russian government, but we are not sure yet,” the US president said on the eve of the biggest US holiday. If Russia turns out to be the culprit, there will be a response from Washington.
American companies have been the target of cyber attacks on several occasions in recent times, each of which has been blamed on Russian hackers. Biden and his Russian rival, Vladimir Putin, agreed to resolve the issue at a joint working group summit in Geneva in mid-July.
According to Honduras Labs, a cybersecurity consulting firm, Kasaya’s VSA software was damaged with “encryption of more than a thousand companies”. IT company Kasaya confirmed the cyber attack over the weekend and assured them that the attack would be contained so that only a “very small percentage” of customers who used Kasia’s VSA network would be affected.
When attacked with ransomware, hackers lock or encrypt victims’ computer systems in order to extort money from users for the release of their data. According to its own information, Kasaya is a leading provider of information technology and IT security for small and medium enterprises. With a VSA server, companies can control all of their computers and printers from a single workstation.
“We are in the process of investigating the real cause of this incident with the utmost caution,” Kasaya initially told the Reddit online service forum. The company asked its customers to close their so-called VSA server immediately “until further notice” from us.
Casey later said its customers were notified of the incident via the company’s website, via email, on their computer and by phone, and asked to shut down their VSA servers. The Miami-based company says it has more than 40,000 customers: “We think we have found and are correcting the vulnerable source.”
First reports in Germany
According to the Federal Office for Information Security (BSI), Germany already has first impressions: “An IT service provider has reported that he has been affected,” a BSI spokesman said. This service provider is taking care of several thousand customer settings, which may be affected.
BSI is expected to receive further reports on Monday as companies resume work after the weekend. BSI advises victims to take technical and institutional action and report to BSI.
A serious case like Sweden has not yet been registered.
Assist cyber attacks
Information for companies / entrepreneurs
0800 888 133 is the Vienna Chamber of Commerce’s Internet Security Hotline. It works 24 hours a day, seven days a week and helps companies with cyber attacks. Trained staff will assist you in solving the problem. Upon request, if necessary, certified and accredited IT professionals will be placed immediately so they can be on site quickly.
Problems in Sweden
One of the biggest According to their own reports, Swedish supermarket chains had to temporarily close about 800 branches on Saturday.Because their records have stopped working. Koop said Sweden had a subcontractor who was the target of the digital attack. The company did not provide any details. However, the Swedish subsidiary of software company Wisma announced on Friday that a major cyber attack on the American IT company Kasaya was imminent.
In addition to other companies, the state railway company S.J. Thus, passengers could not pay by card at the bistro. A co-operative service provider was attacked on Friday evening, which affected both normal cash registers and self-service checks at supermarkets, TV broadcaster S.V.T. The spokesman told the broadcaster that the issues had been resolved overnight, but they were still unresolved. In individual regions, some branches in the country were able to reopen, using some other payment methods.
What is REvil?
The US Cyber Security Agency (CISA) said it was investigating the incident. He called on companies to immediately close their VSA server, following Kasia’s instructions.
The New Zealand government’s computer emergency team says a hacker group called Revil was behind the cyber attack.
It was only in May that the US colonial oil pipeline and the US subsidiary of the world’s largest meat producer, JBS, fell victim to a cyber attack with ransomware. Last year, hackers gained access to the ministries, officials and organizations that use the software from the American information technology company Solar Winds. The US Federal Bureau of Investigation (FBI) has blamed hackers in Russia for the cyber attacks. So the attack on JPS was carried out by Rev.
(“Die Press”, print edition, July 5, 2021)