About 200 US businesses have been hit by a "colossal" ransomware attack, according to a cyber-security firm.
Huntress Labs said the hack targeted Florida-based IT company Kaseya before spreading through corporate networks that use its software.
Kaseya said in a statement on its own website that it was investigating a "potential attack".
Huntress Labs said it believed the Russia-linked REvil ransomware gang was responsible.
The US Cybersecurity and Infrastructure Agency, a federal agency, said in a statement that it was taking action to address the attack.
The cyber-breach emerged on Friday afternoon as companies across the US were clocking off for the long Independence Day weekend.
The two big things that are keeping cyber-security professionals up at night lately are ransomware attacks and supply chain attacks. This latest incident combines both nightmares into one big Independence Holiday weekend-ruining event for hundreds of US IT teams.
Ransomware is the scourge of the internet. Multiple organised criminal gangs are constantly attempting to gain access to computer networks to hold them hostage. The rate of attack is relentless but it can take a lot of time and effort on the criminals part to successfully hijack one victim's computer system.
See also:
(Score: 1, Disagree) by Anonymous Coward on Saturday July 03 2021, @01:19PM (7 children)
Think this through: how does having more software vendors decrease the number of bugs to exploit? It doesn't. Furthermore, having more software systems might increase bugs because of increased complexity of multiple systems and integration needs. Now, I am not saying everyone needs to standardize on a couple different vendors, but I am saying that I don't see how more vendors equals more security.
(Score: 2, Insightful) by Anonymous Coward on Saturday July 03 2021, @01:22PM
One more note: security is a process, not a product, as Bruce Scheier says.
(Score: 5, Informative) by turgid on Saturday July 03 2021, @01:27PM (2 children)
Correct, but they will be different bugs, subject to different exploits. Therefore, one single exploit can't take the whole lot down.
I refuse to engage in a battle of wits with an unarmed opponent [wikipedia.org].
(Score: 3, Touché) by Dr Spin on Saturday July 03 2021, @02:01PM (1 child)
But, But ...
Think of the malware vendors!
Warning: Opening your mouth may invalidate your brain!
(Score: 3, Interesting) by Opportunist on Saturday July 03 2021, @09:36PM
Doing this constantly. I call them "my beloved job security", for as long as they continue being a threat, I'm going to be employed as well.
They are my enemies and at the same time I'm their parasite. Because without them, I couldn't exist in the job I have.
(Score: 4, Insightful) by Socrastotle on Saturday July 03 2021, @05:07PM
The interesting thing about your question is that it generalizes to something that can be applied everywhere from economic systems, world vs national government, and much more.
And it all comes down to simple game theory. When you have one vendor, and that vendor is doing an exceptional job it will never be able to be beaten by a multi-vendor system. Because a multi-vendor system all but guarantees that at least some of the vendors will be being exploited, or failing at some time or another. The reason that the multi-vendor scenario may often end up being superior is because of the other side of things. When you have a single vendor and that vendor trends towards ineptitude, corruption, greed, or whatever else - then the entire domain under its "rule" (which may be everywhere, when taken to extremes) suddenly ends in a global dystopia. By contrast in our multi-vendor world, you will always have some vendors doing well - even if purely by chance.
So it depends on what you see as more valuable. Because "more security" is somewhat meaningless. In a unipolar world, when the monopoly becomes dysfunctional - the entire world has zero security. By contrast in a multipolar world, you'll probably never have zero security. But, on the other hand, you'll never reach the 100% in those periods during a unipolar world where the solitary vendor has not been exploited.
(Score: 3, Insightful) by Opportunist on Saturday July 03 2021, @09:34PM
It doesn't. Quite the contrary, it will increase the number of bugs in software, simply by virtue of there being more software.
But at the same time any bug in any of these systems will have a much smaller impact on everyone. It's a bit like with any monoculture. Yes, if you have only one kind of tree in a forest, there will be far fewer pests to consider because all the ones that only affect the other tree types will simply not exist in your forest. But if you have an outbreak of one such pests, your forest is gone.
Bark beetles are a really huge threat in one of the areas I lived in. Mostly because they decided that monocultures of fast growing spruces is a good idea.
(Score: 2) by FatPhil on Sunday July 04 2021, @07:03PM
Because you're not obliged to run all the software by all the vendors. You can chose to run the ones that you consider least buggy.
E(min(x0,x1)) < min(E(x0),E(x1))
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves