Cyberattack on Kaseya May Have Impacted 1,500 Businesses

“This is the worst ransomware incident to date,” cybersecurity expert says.

July 08, 2021

ALEXANDRIA, Va.—Between 800 and 1,500 businesses around the world were reportedly impacted by Friday’s cyberattack that security experts say could be the largest ransomware attack in history, the New York Times reports.

As NACS Daily reported Tuesday, Kaseya, a Miami-based software developer, was hit by ransomware, which was then deployed to some of Kaseya’s customers disguised as a software update. Coop, one of Sweden’s largest supermarket chains, was forced to close 800 stores when the ransomware caused cash registers and self-serve stations to go down.

“This is the worst ransomware incident to date, but if we don’t take action, the worst is yet to come,” said Kyle Hanslovan, chief executive of cybersecurity firm Huntress Labs.

Fred Voccola, Kaseya’s chief executive, said his company is working with the FBI, the Department of Homeland Security and the White House to address the issue. About 50 of Kaseya’s direct customers were compromised.

A Russian-based cybercriminal organization known as REvil claimed responsibility for the attack in a post on its dark web site called “Happy Blog.” Some victims were being asked for $5 million in ransom, Huntress Labs said.

Brett Callow, threat analyst for the cybersecurity firm Emsisoft, said REvil was also asking for $45,000 in cryptocurrency for each computer system a victim wanted restored. REvil said it would publish a tool that would permit all infected companies to recover their data if paid $70 million in Bitcoin.

Jack Cable, a security researcher for Krebs Stamos Group, said that he had reached out to REvil, and that the group offered to reduce the price to $50 million in Bitcoin.

Jen Psaki, the White House press secretary, said on Tuesday, “We advise against companies paying ransomware, given that it incentivizes bad actors to repeat this behavior.” Psaki said American national security officials had been in touch with Russian government officials over the attack.

The Kaseya cyberattack has touched companies in more than a dozen countries, including the United States, Germany, Australia and Brazil.

Voccola said such an attack was bound to happen. A common refrain he’s heard from government officials and security experts, he said, was that when it comes to cyberattacks, “It’s not a matter of if, it’s a matter of when.”

For convenience retailers looking for information to protect and defend their data, Conexxus has resources to help proactively defending against cybersecurity attacks and more.