Up to 1,500 companies compromised by ransomware attack on Kaseya

As many as 1,500 companies around the world were potentially compromised by a ransomware attack late last week on software company Kaseya, it acknowledged Monday. 

Kaseya, which was hit by a ransomware attack likely carried out by a Russian cyber criminal group, announced that while about 50 of its customers were directly impacted, those customers provided information technology services to between 800 and 1,500 companies that were also potentially compromised.

Kaseya stressed that the number of groups hit by the attack would have been far higher — as many as 1 million companies managed by Kaseya’s 35,000 customers — but that the breach had only a “limited impact.”

“Our global teams are working around the clock to get our customers back up and running,” Kaseya CEO Fred Voccola said in a statement. “We understand that every second they are shut down, it impacts their livelihood, which is why we’re working feverishly to get this resolved.”

Many of the companies impacted by the ransomware attack are local and small businesses with fewer than 30 employees, and no critical infrastructure companies were impacted according to Kaseya.

Both the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) are actively involved in investigating the ransomware attack, and the White House also became involved in addressing the hack over the weekend.

“This is a collaborative effort to remediate the issue and identify the parties responsible so they may be held accountable,” Voccola said. “We are beyond grateful for their assistance getting our customers back online. The immediate action-oriented and solution-based approach of CISA and the FBI, with tremendous overall support from the White House, has proven to be a huge help in ensuring that this attack led only to a very small number of impacted customers.”

“While each and every customer impacted is one too many, the impact of this highly sophisticated attack has proven to be, thankfully, greatly overstated,” Voccola added.

Experts have pointed to a Russian-linked ransomware group known as “REvil” as being behind the attack, with Reuters reporting Monday that the hackers were demanding a ransom of $50 million to decrypt Kaseya systems and restore services. 

The same group was linked by the FBI to the attack in May on JBS USA, the nation’s largest provider of beef and other meat. JBS paid a ransom of roughly $11 million in bitcoin to restore operations quickly, a course of action discouraged by federal authorities. 

President Biden, who was asked about the hack by reporters over the weekend, stressed that his administration was “not sure” that Russia was behind the attack, but that he had previously warned Russian President Vladimir Putin that the U.S. would respond in the case of future cyberattacks.

“I directed the intelligence community to give me a deep dive on what’s happened, and I’ll know better tomorrow,” Biden said Saturday. 

Anne Neuberger, the deputy national security adviser for cyber and emerging technology, said in a statement Sunday that the United States is working “to assess the Kaseya ransomware incident and assist in the response.” She urged potentially compromised companies to report to federal authorities. 

The FBI and CISA also encouraged compromised companies to reach out.

“If you feel your systems have been compromised as a result of the Kaseya ransomware incident, we encourage you to employ all recommended mitigations,” CISA and the FBI said in a joint statement on Sunday. “Due to the potential scale of this incident, the FBI and CISA may be unable to respond to each victim individually, but all information we receive will be useful in countering this threat.”