The company, whose software was exploited in the largest ransomware attack ever, said Tuesday that fewer than 1,500 companies have appeared to have been compromised to date. However, cybersecurity experts suspected the estimate was low and noted that the victims are still being identified.
Miami-based Kaseya said in a prepared statement that it believed that only about 800 to 1,500 of the estimated 800,000 to 1,000,000 primarily small businesses – customers of companies that use their software to manage their IT infrastructure – will benefit from the Attack were affected.
The statement was widely reported after the White House shared it with the media.
However, cybersecurity experts said it was too early for Kaseya to know the true ramifications of Friday’s attack, especially since it was launched by the Russia-affiliated REvil gang on the eve of the July 4th U.S. holiday and many may target him only discover when returning to work on Tuesday.
Most of the more than 60 Kaseya customers affected in an email on Sunday, company spokeswoman Dana Liedholm said, are managed service providers (MSPs) who have multiple downstream customers.
“Given the relationship between Kaseya and MSPs, it is not clear how Kaseya would know the number of victims affected. The numbers are by no means as low as Kaseya claims, ”said Jake Williams, chief technical officer of cybersecurity firm BreachQuest.
The hacked Kaseya tool, VSA, remotely manages customer networks and automates security and other software updates. In essence, a network protection tool from malware was cleverly used to spread it.
“It’s too early to say as this entire incident is still under investigation,” said cybersecurity firm Sophos, which is closely following the incident. IT and other cybersecurity companies questioned whether Kaseya had any insight into crippled managed service providers.
In an interview with The Associated Press on Sunday, Fred Voccola, CEO of Kaseya, estimated the number of victims to be “the low thousand”. The German news agency dpa reported on Sunday that an unnamed German IT service company had informed the authorities that several thousand of its customers had been compromised. Two Dutch IT service companies were also among the reported victims.
A wide range of businesses and government agencies across all continents, including financial services, travel and leisure, and the public sector – albeit a few large corporations – have been hit by the latest attack, according to Sophos.
Ransomware criminals infiltrate networks and sow malware that cripples them by encrypting all of their data. Victims receive a decoder key when they pay. Most ransomware victims do not publicly report attacks or reveal whether or not they have paid a ransom.
President Joe Biden said Saturday that he had ordered US intelligence to take a “deep dive” into the attack and that the US would react if it discovered the Kremlin was involved.
#Number #victims #major #ransomware #attack #unclear