Up to 1,500 businesses compromised by latest ransomware attack, Kaseya CEO says
Kaseya, the software company targeted by a holiday weekend ransomware attack, said as many as 1,500 small businesses managed by its customers were compromised.
Still, Kaseya says the cyberattack it experienced over the July 4th weekend was never a threat and had no impact on critical infrastructure. The Russian-linked gang behind the ransomware had demanded $70 million to end the attack, but CNBC reported that the hackers reduced their demands to $50 million in private conversations.
The Miami-based company said Tuesday that it was alerted on July 2 to a potential attack by internal and external sources. It immediately shut down access to the software in question. The incident impacted about 50 Kaseya customers.
Many of Kaseya's customers are managed service providers, using Kaseya's technology to manage IT infrastructure for local and small businesses with fewer than 30 employees, such as dentists' offices, small accounting offices and local restaurants. Of the approximately 800,000 to 1,000,000 local and small businesses that are managed by Kaseya's customers, only about 800 to 1,500 have been compromised.
"Our global teams are working around the clock to get our customers back up and running," Fred Voccola, CEO of Kaseya, said in the statement. "We understand that every second they are shut down, it impacts their livelihood, which is why we're working feverishly to get this resolved."
The hacked Kaseya tool, VSA, remotely maintains customer networks, automating security and other software updates. President Joe Biden said Saturday that he ordered a "deep dive" by U.S. intelligence into the attack and that the U.S. would respond if it determines the Kremlin is involved.
The company said that it's working with various government agencies, including the FBI, CISA, Department of Homeland Security and the White House, as well as with computer incident response company FireEye Mandiant IR on the incident.
Massive attack
In the latest attack, hackers infected thousands of victims in at least 17 countries on Friday, largely through firms that remotely manage IT infrastructure for multiple customers, cybersecurity researchers said. Some cybersecurity experts pointed to the notorious REvil gang as a possible culprit. REvil may be best known for extorting $11 million from the meat processor JBS.
The attack impacted a broad array of businesses and public agencies, including in financial services, travel and leisure and the public sector, though few large companies, the cybersecurity firm Sophos reported. Ransomware criminals operate by infiltrating networks and sowing malware that cripples them by scrambling all their data. Victims get a decoder key when they pay up.
"This breach presents a highly unique challenge, which is given that roughly 70% of Kaseya's impacted customers were [managed service providers] and that most of those served small local businesses, breach reporting will be sparse," analysts with investment bank Raymond James said in a report. "It is a well-known fact that most businesses outside of the public eye never report breaches and often pay the ransom without reporting it to the authorities."
Experts say it was likely no coincidence that the attack came at the start of the Fourth of July holiday weekend, since most U.S. offices would have been lightly staffed. Some businesses had to shut down due to the latest attack, with Swedish grocery chain Coop saying most of its 800 stores would be closed for a second day Sunday because their cash register software supplier was crippled.
Ransomware is a growing problem, with businesses around the world attacked using ransomware roughly every 11 seconds, according to Cybersecurity Ventures. The security firm projects that global ransomware losses this year will reach $20 billion.