Two U.S. towns go offline, thousands of organizations hit, ransomware ‘shuts everything down’ globally

The impact of the Kaseya supply chain ransomware attack has spread to organizations further downstream, two U.S. towns that do not do any business with Kaseya, shutting down all systems and being forced to paralyse.

Two U.S. towns go offline, thousands of organizations hit, ransomware ‘shuts everything down’ globally

The attack affected about 1,500 organizations, according to Kaseya officials on Tuesday.

Preliminary reminder:

Ransomware explosion!One Business Hacked, Hundreds Infected

A record 450 million ransom! Details emerge of Kaseya software supply chain ransomware attack

Why the ransomware attack on US software developer Kaseya is cause for concern

Biden administration identifies ‘responding to ransomware threat’ as national security priority

Two towns in the U.S. state of Maryland became the first known local governments to be affected, marking the wider impact of the Kaseya supply chain ransomware attack, which has spread to organizations further downstream.

The towns of Leonardtown and North Beach on the Chesapeake Bay both confirmed this week that their computers and networks had been disabled due to Kaseya’s breach, and some municipal services were disrupted. In the town of North Beach, workers said they discovered the network problem at 12:30 p.m. on Friday, just after news of Kaseya’s ransomware infection spread.

The town wrote in the announcement, “After contacting our IT service provider, town staff took immediate action and shut down the network server and all workstations. By Friday evening, it was confirmed that the town of North Beach was also under extortion. Software impact. The attack originated from third-party software called Kaseya, which is used by both our IT service providers to remotely manage computer systems.”

The announcement also mentioned that the water supply system, telephone system, backup server and website of about 2,000 local community residents were not affected. Local officials said there were no signs of data theft, but the situation was still being assessed. Like many ransomware gangs, REvil routinely steals victims’ data and demands public disclosure for ransom.

A ransomware attack forced the town to delay the release of quarterly utility bills to its 2,900 residents after a network outage occurred around the same time as the town of North Beach in Leonardtown, according to an announcement Tuesday by town administrator Laschelle McKay. Currently, residents are also unable to access the town’s online payment site as normal.

McKay said in the interview, “Everything is paralyzed.”

Supply Chain Amplifies Ransomware Hazard

Tracing the source, the hackers who launched this global ransomware attack first invaded the VSA platform owned by Kaseya. This platform is mainly aimed at hosting service providers around the world, and is used to support more customer organizations (including small enterprises and local governments) that obtain hosting services in the form of outsourcing. Because of this, ransomware attacks against hosting providers are likely to have a cascade of downstream effects; in August 2019, for example, nearly 20 communities in Texas were hit by a simultaneous cyberattack.

Neither Leonardtown nor North Beach has its own IT specialist, and officials from both sides say they do not have any direct vendor-customer relationship with Kaseya.

The IT service provider chosen by Leonardtown is JustTech, headquartered in La Plata, Maryland. The IT and print services host is said to have about 3,000 customers in the Mid-Atlantic region.

North Beach town officials also mentioned that they expect their computer systems to be back online in about a week. McKay, the Leonardtown administrator, also said in an interview that JustTech had restored Internet service to the township government on Thursday morning, and that systems, including utility billing functions, are expected to be back online within the next 24 hours.

McKay insisted “no ransom will be paid” in a statement released on Tuesday. In this incident, REvil hackers demanded a total ransom of $70 million in cryptocurrency from the global victim community.

The current round of ransomware attacks has likely affected about 1,500 organizations around the world, Kaseya said in an announcement on Tuesday.


The Links:   LTA104A261F PK110FG160