Kaseya Says Up To 1,500 Businesses Compromised In The Ransomware Attack

Recall US cloud company Kaseya was recently hit by ransomware . A group of Russian-speaking hackers have claimed responsibility for this massive cyberattack. This attack has affected several American companies that outsurced IT management to Kaseya. The ransomware group REvil has demanded $70 million ransom in Bitcoin to restore all the affected businesses’ data, although they have indicated a willingness to temper their demands in private conversations with a cybersecurity expert.

Software vendor Kaseya says that between 800 and 1,500 businesses have been compromised by the recent ransomware attack. This victims are said to have spread across at least 17 countries. Kaseya in a statement on Monday made this discovery about the attack that unfolded on Friday. Most of those affected are small businesses, the disruption has been felt more keenly in Sweden, where hundreds of supermarkets had to close because their cash registers were inoperative, New Zealand, where schools and kindergartens were knocked offline. About a dozen other countries have had organizations affected by the breach in some way, according to research published by cybersecurity firm ESET.

A representative of the hackers on Monday in a conversation with Reuters via a chat interface on the hackers’ website said “We are always ready to negotiate,”. Fred Voccola, the company’s CEO, in an interview refused to say whether he was ready to take the hackers up on the offer. In his exact words said “I can’t comment ‘yes,’ ‘no,’ or ‘maybe’, no comment on anything to do with negotiating with terrorists in any way.” Cybersecurity experts believe the hackers may have exploited a vulnerability in the Kaseya software in which Kaseya was in the process of fixing, however Voccola quickly discredit that believe.  “We don’t believe that they were in our network,” he said. He added that the details of the breach would be made public “once its ‘safe’ and OK to do that.”

Voccola also mentioned he had spoken to officials at the White House, the Federal Bureau of Investigation, and the Department of Homeland Security about the breach but declined details on what they had told him about paying or negotiating with attackers. The White House on Sunday mentioned it was checking to see whether there was any “national risk”, The White House urged companies who believe their systems were compromised in the attack to immediately report to the Internet Crime Complaint Centre.

“Our global teams are working around the clock to get our customers back up and running,” Voccola says. “We understand that every second they are shut down, it impacts their livelihood, which is why we’re working feverishly to get this resolved.” Kaseya added he had discussed “systems and network hardening requirements prior to service restoration” with the FBI and CISA. The company said that “a set of requirements” will be posted “to give our customers time to put these counter measures in place in anticipation of a return to service on July 6.”

The topic of cybercrimes  and payments continue to become increasingly fraught as ransomware attacks become increasingly disruptive – and lucrative. In the month of June alone several high-profile companies were hit with the malicious software that encrypted victims’ servers and computers. Companies like McDonald’s and Peloton today also have their stories to tell about being targeted by these  cybercriminals. This attacks have continued to disrupt services and products essential to everyday lives around the world.