Cybersecurity firm Huntress Labs said in a Reddit forum that it was working with partners targeted in the attack and that some 200 businesses “have been encrypted.”
Ransomware attacks typically involve locking away data in systems using encryption, making companies pay to regain access.
Kaseya describes itself as a leading provider of IT and security management services to small- and medium-sized businesses, meaning an attack would make them targets going into the Independence Day holiday weekend in the United States.
“We are in the process of investigating the root cause of the incident with an abundance of caution but we recommend that you immediately shut down your VSA server until you receive further notice from us,” Kaseya said in a message shared in a Reddit forum, AFP reported.
“It’s critical that you do this immediately because one of the first things the attacker does is shut off administrative access to the VSA.”
VSA is the company’s flagship offering, designed to let companies manage networks of computers and printers from a single point. The company lists a US headquarters in Florida and an international headquarters in Ireland.
Kaseya said in a post that the apparent cyberattack may have been limited to a “small number” of its customers.
The US Cybersecurity and Infrastructure Security Agency (CISA) put out the word that it is “taking action to understand and address the recent supply-chain ransomware attack” against Kaseya VSA and the service providers using its software.
CISA called on businesses to follow Kaseya’s guidance and quickly shut down VSA servers to avoid having systems compromised.
The UN Security Council this week held its first formal public meeting on cybersecurity, addressing the growing threat of hacks to countries’ key infrastructure — an issue US President Joe Biden recently raised with Russian counterpart Vladimir Putin.
Several Security Council members acknowledged the grave dangers posed by cybercrime, notably ransomware attacks on key installations and companies.
Multiple US companies, including the computer group SolarWinds, the Colonial oil pipeline, and the global meat giant JBS, have recently been targeted by ransomware attacks.