Some 800 to 1,500 businesses around the world were compromised or affected by a cyberattack on Friday that security experts say could be the largest attack in the history of ransomware, in which the hacker shuts down the system until the ransom is paid.
“This is the worst ransomware incident to date, but if we don’t act, the worst is yet to come,” said Kyle Hanslovan, chief executive officer of cybersecurity firm Huntress Labs.
Hackers have breached Kaseya, a Miami-based software maker that provides technology services to tens of thousands of organizations around the world. Many of its customers are managed service providers, which provide security and technology support to other companies and collectively reach millions of businesses.
Fred Voccola, Kaseya’s chief executive, said in a video posted on YouTube early Tuesday, referring to the company’s customers: “It’s absolutely lousy. If I were you, I’d be very, very disappointed, and you should be.”
He said Kaseya is working with the FBI, Department of Homeland Security and the White House to resolve the issue.
About 50 of Kaseya’s direct customers were compromised when the company was breached, Mr. Voccola said, including dozens of regulated service providers.
A Russia-based cybercrime organization called REvil took credit on Sunday for the attack, bragging about it on its website – called “Happy Blog” – on the dark web. Huntress Labs said some victims were asked for a $5 million ransom.
Brett Callow, a threat analyst with cybersecurity firm Emsisoft, said REvil is also asking for $45,000 in crypto for each computer system a victim wants to restore.
REvil also said it will publish a tool that will allow all infected companies to recover their data if it is paid $70 million in Bitcoin.
“If you are interested in such an arrangement, contact us,” the group wrote, adding that it provided a way for victims to contact the organization.
Jack Cable, a security researcher with the Krebs Stamos Group, said he contacted REvil over the weekend and the group said it was open to negotiations. It offered to reduce the price for the tool to $50 million in Bitcoin, he said.
Jen Psaki, the White House press secretary, said at a press conference Tuesday that “we advise against using companies that pay ransomware, as it encourages bad actors to repeat this behavior.”
Psaki said US national security officials had been in contact with Russian government officials about the attack. When President Biden met Russian President Vladimir Putin in Geneva last month, he asked Russia to curb ransomware attacks, which have become increasingly common in recent months. The FBI said REvil was behind the hack of the world’s largest meat processor, JBS, in May.
“If the Russian government cannot or will not take action against criminals residing in Russia, we will act on our own or reserve the right to act,” Ms. Psaki said.
The Kaseya cyberattack had major global impacts, touching companies in more than a dozen countries, including the United States, Germany, Australia, and Brazil. In Sweden, grocery retailer Coop was forced to close more than 800 stores on Saturday, and each location had to be visited to troubleshoot problems caused by the hack. Security researchers said a Swedish railway line and a chain of pharmacies were also affected.
Mr. Voccola said that such an attack is certain to happen.
“Even the best defenses in the world get scored,” he said.
A common refrain he has heard from government officials and security experts, he said, is that when it comes to cyberattacks, “it’s not a matter of if but when.”