Complete News World

Mysterious cyber attack in the US disables IT worldwide

The attack on the American company Kasaya took place shortly before American Independence Day. According to experts, more than 1000 companies could be affected, which is already evident in Sweden and Germany.

Um The United States had a colonial oil pipeline And the largest U.S. subsidiary in the world Meat producer J.P.S. Become. Now it’s the turn of the American IT company Ghazia – this time with repercussions as far as Europe.

In the US, yesterday, Sunday, shortly before US Independence Day, the ransomware cyber attack in Ghazia certainly predicted the game. US President Joe Biden said on Saturday afternoon (local time) that he did not suspect the Russian government was behind the attack. However, in the meantime, one is “not sure” about this. According to experts, more than a thousand companies could be affected by this attack. Hundreds of supermarket branches had to be closed in Sweden.

Biden commissioned US intelligence to investigate the case. “The original explanation was that it was not about the Russian government, but we are not sure yet,” the US president said the day before the biggest US holiday. If Russia turns out to be the culprit, there will be a response from Washington.

American companies have been the target of cyber attacks on several occasions in recent times, each of which has been blamed by Russian hackers. At their summit in Geneva in mid-July, Biden and his Russian envoy, Vladimir Putin, agreed to work with a joint working group on the issue.

Redemption requests

According to Huntress Labs, a cybersecurity consulting firm, Casey’s VSA software was damaged with “encrypting more than a thousand companies”. IT company Kasaya confirmed the cyber attack over the weekend and assured them that the attack would be contained so that only a “very small percentage” of customers who used Kasia’s VSA network would be affected.

See also  United States: Marigopa County opposes further investigation into election fraud

In attacks with ransomware, hackers lock or encrypt victims’ computer systems in order to extort money from users in order to release their data. According to its own information, Kasaya is a leading provider of information technology and IT security for small and medium enterprises. With the VSA server, companies can control all of their computers and printers from a single workstation.

“We are in the process of investigating the real cause of this incident with the utmost caution,” Kasaya initially told the online service Reddit Forum. The company asked its customers to close their so-called VSA server immediately “until further notice” from us.

Kasaya later told his clients about the incident through the company’s website, via email, computer display and phone, and asked them to shut down their VSA servers. “We think we have identified and are correcting the vulnerable source,” says the Miami-based company, which has more than 40,000 customers.

First reports in Germany

According to the Federal Office for Information Security (BSI), Germany already has first impressions: “An IT service provider has reported that he has been affected,” a BSI spokesman said. This service provider is taking care of several thousand customer settings, which may be affected.

BSI is expected to receive further reports on Monday as companies resume work after the weekend. BSI advises victims to take technical and institutional action and report to BSI.

A serious case like Sweden has not yet been registered.

Problems in Sweden

One of the biggest According to their own reports, Swedish supermarket chains had to temporarily close about 800 branches on Saturday.Because their records have stopped working. Koop said Sweden had a subcontractor who was the target of the digital attack. The company did not provide any details. However, the Swedish subsidiary of software company Wisma announced on Friday that a major cyber attack on the American IT company Kasaya was imminent.

In addition to other companies, the state railway company S.J. Thus, passengers could not pay by card at the bistro. The attack on a co-operative service provider took place on Friday evening, affecting both normal cash register systems and self-service checks at supermarkets, TV broadcaster S.V.T. A spokesman told the broadcaster that the problems had been resolved overnight, but they had not yet been resolved. In individual regions, some branches in the country were able to reopen, using some other payment methods.

What is REvil?

The US Cyber ​​Security Agency (CISA) said it was investigating the incident. He called on companies to immediately close their VSA server, following Kasia’s instructions.

The New Zealand government’s computer emergency team says a hacker group called Revil was behind the cyber attack.

It was only in May that the US colonial oil pipeline and the US subsidiary of the world’s largest meat producer, JBS, fell victim to a cyber attack with ransomware. Last year, hackers used software from the US information technology company Solarwinds to gain access to ministries, officials and organizations. The US Federal Bureau of Investigation (FBI) has blamed hackers in Russia for the cyber attacks. So the attack on JPS was carried out by Rev.

See also  Agreement on a reduced social and climate package


(“Die Press”, print edition, July 5, 2021)