Hackers demand $70 million ransom payment after attacking hundreds of businesses
Ailan Evans, DCNF
Hackers are demanding a $70 million payment from software company Kaseya after a successful ransomware attack that began Friday.
Kaseya, a company that develops information technology management software, was the victim of a cyber attack Friday that hindered customer access to its VSA product, the provider said in a statement. The attack also affected hundreds of small businesses that used the services of Kaseya’s customers, such as accountants and dentists’ offices, according to Reuters.
The hackers demanded a single $70 million payment to decrypt data that would restore access to affected data, a representative of the hackers told Reuters.
“To date, we are aware of fewer than 60 Kaseya customers, all of whom were using the VSA on-premises product, who were directly compromised by this attack,” Kaseya said.
“While many of these customers provide IT services to multiple other companies, we understand the total impact thus far has been to fewer than 1,500 downstream businesses,” the statement said.
The Russian hacking syndicate REvil, the same organization behind the June ransomware attack on meat packer JBS, claimed credit for the attack, the company said. The company confirmed REvil had sent a ransom note but did not disclose the amount.
Kaseya was aware of the weaknesses the hackers exploited and was working on patching them before the attack, Chief Executive Officer Fred Voccola said in a Tuesday interview posted on the company’s YouTube channel.
“We are confident we know how it happened and we are remediating it,” Voccola said.
“Kaseya understood the problem and they were rushing to produce a patch,” Victor Gevers, chairman of cybersecurity group the Dutch Institute for Vulnerability Disclosure, told The Wall Street Journal.
Voccola said Kaseya was working with the FBI to resolve the issue, and commended the Biden administration for offering support. The White House issued a statement Sunday announcing plans to direct the “full resources of the government to investigate this incident.”
“We’ve also had communication check-ins with the White House directly and are grateful for the support, encouragement, and hands-on assistance with validation of our remediation plans,” a spokesperson for Kaseya told the Daily Caller News Foundation.
The attack is the third major ransomware attack in recent months, following the JBS hack and the Colonial Pipeline shutdown in May.
Editor’s note: This story has been updated to reflect additional comments from a Kaseya spokesperson.