A massive ransomware attack that affected thousands of victims continued to cause chaos on Sunday as the White House pledged “full resources” to probe the breach.
Companies across the globe appear to have been affected through compromised software, asked to pay ransoms reported from $45,000 up to $5 million as the full breadth of Friday’s attack came into focus.
The ransomware hit Florida-based Kaseya and spread through a slew of companies, many which use its software to serve multiple customers.
“The level of sophistication here was extraordinary,” Fred Voccola, CEO of Kaseya, told The Associated Press.
About half the company’s 37,000 customers were victimized – but 70 percent of those were “managed service providers” who use Kaseya’s software to many others. In total, he estimated that thousands were affected, the AP said.
Although experts believe the attack originated from a group with ties to Russia, President Biden said Saturday it wasn’t yet clear if that was the case. He told reporters he’d ordered a “deep dive” by intelligence into the breach.
“And if it is, either with the knowledge of and/or a consequence of Russia, then I told Putin we will respond,” Biden said, according to a transcript of his comments.
Cyber crimes were a topic – and a major point of contention – between Biden and Russian leader Vladimir Putin when the two world leaders met in Europe during the G-7 summit.
The Russian-linked group REvil is suspected to be behind the attack, and may have struck during Independence Day weekend because it knew companies would have had limited staff due to the holiday, the AP said, citing experts.
Some companies may still not yet know they are victims until they return to work on Monday, the AP stated.
The White House said Sunday the FBI and Cybersecurity and Infrastructure Security Agency (CISA) were working with Kaseya to conduct outreach to victims.
“Since Friday, the United States Government has been working across the interagency to assess the Kaseya ransomware incident and assist in the response,” said Anne Neuberger, deputy national security advisor for cyber and emerging technology.
“We extend our thanks to the cybersecurity professionals across the FBI, CISA, and the intelligence community for working around the clock to respond to this incident.”
The White House urged companies to report if they believed they’d been compromised on the CISA Crime Complaint Center.
In ransomware attacks, victims are asked to fork over a ransom to access scrambled data and their locked networks. Many of the businesses affected in this case were small companies, said the AP, who noted a Swedish grocery chain had closed its stores for the second day in a row due problems caused by the attack.
Kaseya said it released a detection tool to almost 900 customers and was working to repair and restore service, noting it believed it identified how the attack happened.
With Post wires