The ransomware group that collected an $11 million payment from meat producer JBS SA about a month ago has begun a widespread attack that has likely infected hundreds of organizations world-wide and tens of thousands of computers, according to cybersecurity experts.
The group, known as REvil, has focused its attack on Kaseya VSA, software used by large companies and technology-service providers to manage and distribute software updates to systems on computer networks, according to security researchers and VSA’s maker, Kaseya Ltd.
REvil is a well-known purveyor of ransomware—malicious software that locks up a victim’s computer until a digital ransom is paid, typically in the form of bitcoin. This latest attack appears to be its largest ever. The incident may have infected as many as 40,000 computers world-wide, according to cybersecurity experts.
The use of trusted partners like software makers or service providers to identify and compromise new victims, often called a supply-chain attack, is unusual in cases of ransomware, in which hackers shut down the systems of institutions and demand payment to allow them to regain control. The Kaseya incident appears to be the largest and most significant such attack to date, said Brett Callow, a threat analyst for cybersecurity company Emsisoft.
Among those affected was a supermarket chain in Sweden. The company said that in some cases its cash registers were hit in the attack, prompting many of its stores to remain shut Saturday.