Up to 1,500 businesses affected by ransomware attack, U.S. firm's CEO
says
Send a link to a friend
 [July 06, 2021] By
Raphael Satter
WASHINGTON (Reuters) -Between 800 and 1,500
businesses around the world have been affected by a ransomware attack
centered on U.S. information technology firm Kaseya, its chief executive
said on Monday.
Fred Voccola, the Florida-based company's CEO, said in an interview that
it was hard to estimate the precise impact of Friday's attack because
those hit were mainly customers of Kaseya's customers.
Kaseya is a company which provides software tools to IT outsourcing
shops: companies that typically handle back-office work for companies
too small or modestly resourced to have their own tech departments.
One of those tools was subverted on Friday, allowing the hackers to
paralyze hundreds of businesses on all five continents. Although most of
those affected have been small concerns - like dentists' offices or
accountants - the disruption has been felt more keenly in Sweden, where
hundreds of supermarkets had to close because their cash registers were
inoperative, or New Zealand, where schools and kindergartens were
knocked offline.
The hackers who claimed responsibility for the breach have demanded $70
million to restore all the affected businesses' data, although they have
indicated a willingness to temper their demands in private conversations
with a cybersecurity expert and with Reuters.
"We are always ready to negotiate," a representative of the hackers told
Reuters earlier Monday. The representative, who spoke via a chat
interface on the hackers' website, didn't provide their name.
Voccola refused to say whether he was ready to take the hackers up on
the offer.
"I can't comment 'yes,' 'no,' or 'maybe'," he said when asked whether
his company would talk to or pay the hackers. "No comment on anything to
do with negotiating with terrorists in any way."
The topic of ransom payments has become increasingly fraught as
ransomware attacks become increasingly disruptive - and lucrative.
Voccola said he had spoken to officials at the White House, the Federal
Bureau of Investigation, and the Department of Homeland Security about
the breach but declined to say what they had told him about paying or
negotiating.
On Sunday the White House said it was checking to see whether there was
any "national risk" posed by ransomware outbreak but Voccola said that -
so far - he was not aware of any nationally important organizations
being hit.
[to top of second column] |
A 3D printed model of a man working on a computer, LED lights and
toy people figures are seen in front of displayed binary code and
words "Data leaking" in this illustration taken, July 5, 2021.
REUTERS/Dado Ruvic/Illustration
"We're not looking at massive critical infrastructure," he said. "That's not our
business. We're not running AT&T's network or Verizon's 911 system. Nothing like
that."
Because Voccola's firm was in the process of fixing a vulnerability in the
software that was exploited by the hackers when the ransomware attack was
executed, some information security professionals have speculated that the
hackers might've been monitoring his company's communications from the inside.
Voccola said neither he nor the investigators his company had brought in had
seen any sign of that.
"We don't believe that they were in our network," he said. He added that the
details of the breach would be made public "once its 'safe' and OK to do that."
Some experts believe the full fallout from the hack will come into focus on
Tuesday, when Americans return from their July Fourth holiday weekend. Beyond
the United States, the most notable disruption occurred in Sweden - where
hundreds of Coop supermarkets had to shut their doors because their cash
registers were inoperative - and in New Zealand, where 11 schools and several
kindergartens were affected.
In their conversation with Reuters, the hackers' representative described the
disruption in New Zealand as an "accident."
But they expressed no such regret about the disruption in Sweden.
The supermarkets' closure was "nothing more than a business," the representative
said.
About a dozen different countries have had organizations affected by the breach
in some way, according to research published
https://www.welivesecurity.com/
2021/07/03/kaseya-supply-chain-attack-what-we-know-so-far by cybersecurity firm
ESET.
(Reporting by Raphael Satter; Additional reporting by Praveen Menon in
Wellington, New Zealand. Editing by Kim Coghill, Robert Birsel, William Maclean,
Jonathan Oatis and Diane Craft)
[© 2021 Thomson Reuters. All rights
reserved.] Copyright 2021 Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed.
Thompson Reuters is solely responsible for this content. |
