Between 800 and 1,500 companies around the world were compromised or affected on Friday in what security experts say could be the largest ransomware attack in history, a type of attack in which hackers shut down systems until a ransom is paid.
“This is the worst ransomware incident yet, but if we don’t take action, the worst is yet to come,” said Kyle Hanslovan, CEO of cybersecurity company Huntress Labs.
Hackers compromised Kaseya, a Miami-based software company that provides technology services to tens of thousands of companies around the world. Many of its customers are so-called managed service providers, which in turn offer other companies security and technical support and together reach millions of companies.
“It totally sucks,” said Fred Voccola, CEO of Kaseya, in a video posted on YouTube early Tuesday, addressing the company’s customers. “If I were you, I would be very, very frustrated, and so should you.”
He said Kaseya is working with the FBI, the Department of Homeland Security and the White House to address the problem.
About 50 of Kaseya’s direct customers were compromised in the attack, said Mr. Voccola, including dozens of managed service providers.
A Russia-based cybercriminal organization called REvil claimed responsibility for the attack on Sunday and bragged about it on its website, called “Happy Blog,” on the dark web. Some victims have been asked for a $5 million ransom, Huntress Labs said.
Brett Callow, a threat analyst for cybersecurity firm Emsisoft, said REvil also asked for $45,000 in cryptocurrency for each computer system that a victim tried to recover.
REvil also said it would release a tool that would allow all infected companies to recover their data if it received $70 million in Bitcoin.
“If you are interested in a deal like this, contact us,” the group wrote, adding that they had offered victims an opportunity to contact the organization.
Jack Cable, a security researcher at the Krebs Stamos Group, said he reached out to REvil over the weekend and the group said it was ready to negotiate. It offered to bring the price of the tool down to $50 million in Bitcoin, he said.
Jen Psaki, the White House press secretary, said during a press conference on Tuesday, “We advise against companies paying for ransomware as it will encourage bad actors to repeat this behavior.”
Ms. Psaki said American security officials contacted Russian government officials about the attack. When President Biden met Russian President Vladimir Putin in Geneva last month, he called on Russia to curb ransomware attacks, which have become more and more common in recent months. The FBI said REvil was behind the hack of the world’s biggest meat processor, JBS, in May.
“If the Russian government cannot or does not want to take action against criminal actors based in Russia, we will take action ourselves or reserve the right to take action,” said Ms. Psaki.
The Kaseya cyberattack has had cascading effects around the world, affecting businesses in more than a dozen countries, including the United States, Germany, Australia, and Brazil. In Sweden, grocer Coop had to close more than 800 stores on Saturday, and each location had to be visited to fix the problems caused by the hack. A Swedish railway and a pharmacy chain were also affected, security researchers said.
Mr. Voccola said that such an attack was inevitable.
“Even the best defense in the world will count,” he said.
A common refrain he heard from government officials and security experts was that cyberattacks were “not a question of if, but when”.