(CBS4) – As Americans celebrate the Fourth of July holiday weekend, cybersecurity professionals across the country plan to work overtime to address a massive supply chain ransomware attack. At least 200 companies found their data encrypted on Friday, according to the cybersecurity firm Huntress.

Security researchers believe the ransomware may have spread from the software provider Kaseya VSA to at least eight managed service providers, which oversee IT infrastructure for companies. It’s still unclear how the attackers gained access to the software, but the number of impacted organizations is expected to grow.

Huntress has attributed the attack with high confidence to the Russia-linked REvil Ransomware-as-a-Service (RaaS) operation, also known as Sodinokibi. The criminal group provides malware kits for affiliates to launch cyberattacks in exchange for a cut of the profit.

REvil was recently behind the cyberattack in May that halted operations at more than a dozen JBS meatpacking plants, including the company’s North American headquarters in Greeley. JBS confirmed it paid the cybercriminals $11 million in Bitcoin. REvil is behind some of the largest known ransom demands, including $42 million from entertainment law firm Grubman Shire Meiselas & Sacks.

The timing of Friday’s ransomware attack before the holiday weekend could be part of REvil’s strategy. JBS became aware of its ransomware attack over Memorial Day weekend, when employees were more likely to take time off.

In a security advisory, Kaseya warned customers to immediately shut down their VSA server to prevent the attack from spreading.

BleepingComputer and Bloomberg report REvil has already issued ransom demands ranging from $5,000 to $45,000 in cryptocurrency.

“With early reports indicating 200 or more victims, this is the most significant ransomware incident to have occurred via a supply chain attack,” said Brett Callow, threat analyst at cybersecurity firm Emsisoft. “It’s possible that companies which decide to negotiate the demand may find themselves facing delays due to the possibly unprecedented number of simultaneously negotiations that REvil will need to handle. It’s simply another obstacle that victims may need to deal with.”

For each MSP targeted, there are hundreds of companies at risk of compromise. Many small to medium-sized businesses hire managed service providers because their company lacks the internal resources to oversee IT infrastructure.