More Than 1,500 Companies Compromised in Kaseya Ransomware Attack
According to a statement released on Monday by American software company Kaseya, the ransomware attack on 50 of its direct customers compromised the information of up to 1,500 businesses in 17 countries around the world. Reports state that this is the largest ransomware attack in history.
Largest ransomware attack in history
Analysis by cybersecurity firm Emsisoft determined that the malicious software was created by REvil, a ransomware gang believed to operate in Eastern Europe, near Russia. As reported by CNN, the organization has demanded a $70 million payment in Bitcoin for a decryption tool to restore the businesses’ data.
Requested payments vary from one company to another, with some reports claiming that the highest amount shoots up to $5 million, while U.S. President Joe Biden is unsure of who committed the attack.
“Our global teams are working around the clock to get our customers back up and running,” said Kaseya CEO Fred Voccola in a statement. “We understand that every second they are shut down, it impacts their livelihood, which is why we're working feverishly to get this resolved.”
REvil used the installer of an automatic update for Kaseya's IT management software, which is commonly used by managed service providers, affecting those providers and subsequently infecting their customers’ systems.
IT experts Aryeh Goretsky and Cameron Camp say that a lag between the actual breach taking place and the support teams’ response allowed for the biggest damage.
Kaseya not yet considering paying ransom
At present, Kaseya has approximately 40,000 customers, and it has updated its website to notify those potentially affected. Although the company recommended shutting down potentially affected VSA servers immediately until the patch is released, it was already too late for many, as the ransomware had encrypted their information.
Kaseya said that it had discussed “systems and network hardening requirements prior to service restoration” with the FBI and CISA. The IT company stated that “a set of requirements” would be posted “to give our customers time to put these countermeasures in place in anticipation of a return to service on July 6.”
During a Reuters interview on Monday, Voccola did not say whether Kaseya would pay the hackers’ ransom money. “No comment on anything to do with negotiating with terrorists in any way,” he said.
Voccola also said that he was not aware of any nationally important organizations being compromised in the attack. “We're not looking at massive critical infrastructure. That's not our business. We're not running AT&T's network or Verizon's 911 system. Nothing like that.”