July 2, 2021
Kaseya, an international company that remotely controls programs for companies, said it was attacked by hackers and warned all customers to immediately stop using its service.
A successful ransomware attack on a single company has spread to at least 200, and possibly more than 1,000, organizations, according to cybersecurity firm Huntress Labs, making it one of the single largest criminal ransomware sprees in history.
Cybersecurity teams are working feverishly to stem the impact of the single biggest global ransomware attack on record, with some details emerging about how the Russia-linked gang behind it breached the company whose software was the conduit.
The attack, first revealed Friday afternoon, is believed to be the work of the prolific ransomware gang REvil and to have been perpetrated through Kaseya, an international company that remotely controls programs for companies that, in turn, manage internet services for businesses.
REvil was demanding ransoms of up to $5 million, the researchers said. But late Sunday it offered in a posting on its dark web site a universal decryptor software key that would unscramble all affected machines in exchange for $70 million in cryptocurrency.
Kaseya announced Friday afternoon it was attacked by hackers and warned all its customers to immediately stop using its service.
At least four of Kaseya’s immediate customers were hacked, said John Hammond, a senior security researcher at Huntress, which is helping with Kaseya’s response.
Since those Kaseya customers manage an untold number of businesses, it is unclear how many will fall victim to ransomware over the weekend, but Huntress’ count is already around 200, Hammond said, with that number expected to rise.
The timing, just ahead of Fourth of July weekend, is unlikely to be a coincidence. Ransomware hackers often time their attacks to start at the beginning of a holiday or weekend to minimize the number of cybersecurity professionals who might be able to quickly jump on and stop the malicious software’s spread.
Alex Dittemore, the founder of SoCal Computers, a small company that manages online services for about a dozen California businesses, said his company and all its clients were locked Friday by the ransomware. He keeps backups for all of them, he said, but will not begin restoring their computers until Kaseya provides more guidance on when it was first infected with the ransomware.
“One of the things that’s a little frustrating right now is that there’s not a lot of news coming down from Kaseya. We’re all in a holding pattern, just hanging tight,” he said.