Hundreds of American businesses have been hit by a ransomware attack ahead of the Fourth of July holiday weekend, according to the cybersecurity company Huntress Labs.
Huntress Labs said on Friday that 200 American businesses were hit after an incident at the Miami-based IT firm Kaseya, potentially marking the latest in a line of hacks destabilizing US companies.
“This is a colossal and devastating supply chain attack,” John Hammond, a senior security researcher with Huntress, said in an email, referring to an increasingly high profile hacker technique of hijacking one piece of software to compromise hundreds or thousands of users at a time.
Hammond added that because Kaseya is plugged in to everything from large enterprises to small companies “it has the potential to spread to any size or scale business.”
Kaseya, in a statement posted on its own website, said it was investigating a “potential attack” on VSA, a widely used tool to reach into corporate networks across the United States.
In the statement, Kaseya said the tool offers to monitor and manage servers, desktops, network devices and printers and that it may have been attacked. Such an attack can be particularly insidious to address, said Chris Grove, a security expert at the cybersecurity firm Nozomi Networks.
“Once a breach happens, the victim would generally reach for these tools to work their way out of a bad situation, but when the tool itself is the problem, or is unavailable, it adds complexity to…