Kaseya, a Miami-based provider of software to IT outsourcing companies, said that the incident affected up to 1,500 organizations managed by its customers, as CBS reports. The victims were in at least 17 countries. Among them, as NPR notes, were a supermarket chain in Sweden and schools in New Zealand.
Kaseya said it found out about the attack on July 2 and immediately blocked access to the software involved. Only about 50 of Kaseya’s direct customers were exposed, according to the company. Kaseya’s customers manage roughly 800,000 to 1 million local and small entities, so the 800 to 1,500 organizations affected represent just a fraction. The company said it is currently working with cybersecurity company FireEye, along with the White House, the FBI, CISA and the Department of Homeland Security.
Russian-speaking ransomware gang REvil took credit for the attack, demanding $70 million in bitcoin in exchange for a key decrypting victims’ data. But Reuters reports that the hackers told Jack Cable of the cybersecurity-oriented Krebs Stamos Group they might be open to negotiating. The group later reportedly dropped their demand to $50 million.
Cybersecurity experts say they’re concerned because the attack suggests a level of preparation and complexity more associated with top government hackers than simple crooks, as NBC reports. They used a zero-day vulnerability, for one, and they also went after a vital link in the cyber food chain rather than hitting a single target.
Earlier this year, REvil launched an attack that hobbled giant meat supplier JBS. By contrast, the enormous SolarWinds supply chain attack, uncovered in late 2020, has been attributed to Russia’s SVR intelligence agency. “The difference here is REvil is financially motivated,” Cable told NBC. “They’re criminals, so in many ways they have fewer boundaries," he said.
The FBI has recommended that affected organizations follow mitigation guidance from CISA, beginning with downloading a tool for detecting indicators of a compromise, as ThreatPost reports.
The White House has said that senior national security officials planned to meet with top Kremlin officials to discuss the ransomware attacks, as NextGov reports. That follows the June 16 summit between President Joe Biden and Russia’s Vladimir Putin.