Two U.S. towns are offline, thousands of organizations have been attacked, ransomware "closes everything" globally

The impact of the Kaseya supply chain ransomware attack has spread to organizations further downstream. Two American towns that have no business dealings with Kaseya have shut down all systems and been brought to a standstill. According to Kaseya officials on Tuesday, the attack affected approximately 1,500 organizations.

Two towns in Maryland in the United States have become the first known local governments to be affected, which indicates that the impact of the Kaseya supply chain ransomware attack has expanded and spread to organizations further downstream.
The towns of Leonardtown and North Beach along the Chesapeake Bay confirmed this week that their computers and networks have been disabled due to the Kaseya breach, and some municipal services have also been interrupted. In the town of North Beach, staff said they discovered the network problem at 12:30 p.m. last Friday, when the news that Kaseya had been hit by ransomware had just spread.

The town wrote in the announcement, “After getting in touch with our IT service provider, the town staff immediately took action and shut down the network server and all workstations. By Friday night, there was news confirming that North Beach Town was also blackmailed. The impact of the software. The attack originated from a third-party software called Kaseya, and both of our IT service providers are using this software to remotely manage computer systems."

The announcement also mentioned that the water supply system, telephone system, backup server and website serving the community of about 2,000 residents were not affected. Local officials said that no signs of data theft have been found so far, but the situation is still being assessed. Like many ransomware gangs, REvil often steals victims' data and demands ransoms under the threat of public disclosure.

According to an announcement made by town administrator Laschelle McKay on Tuesday, a network outage occurred at approximately the same time in Leonardtown and North Beach. The ransomware attack forced the town to postpone the release of quarterly utility bills to 2,900 residents. At present, residents cannot access the town's online payment website.

McKay said in the interview, "All functions are paralyzed."

Tracing the incident back to its source, the hackers who launched this global ransomware attack first compromised Kaseya's VSA platform. The platform is sold mainly to managed service providers (MSPs) around the world, which use it to support a much larger set of client organizations (including small businesses and local governments) that outsource their IT management. Because of this, ransomware attacks against managed service providers are likely to have a series of downstream effects. In August 2019, for example, nearly 20 communities in Texas were hit by cyberattacks at the same time.

Leonardtown and North Beach do not have their own IT specialists, and officials in both towns also stated that they do not have any direct supplier-customer relationship with Kaseya.

Leonardtown's IT service provider is JustTech, which is headquartered in La Plata, Maryland. The managed IT and printing services company reportedly has approximately 3,000 customers in the Mid-Atlantic region.

North Beach town officials also mentioned that their computer system is expected to be back online within about a week. Leonardtown administrator McKay also said in an interview that JustTech restored the town government's Internet service on Thursday morning, and various systems including the utility billing function are expected to be back online within the next 24 hours.

In a statement issued on Tuesday, McKay insisted that the town "will not pay any ransom." In this incident, the REvil hackers demanded a total of $70 million in cryptocurrency as ransom from victims worldwide.

Kaseya announced on Tuesday that this round of ransomware attacks is likely to have affected approximately 1,500 organizations around the world.
