Up to 1,500 businesses could be affected by a cyberattack carried out by a Russian group.

“It totally sucks,” said the chief executive of the software company Kaseya, which was compromised Friday along with some of its customers.

White House Says Combatting Ransomware Attacks Is a ‘Priority’

Last week, a number of small- and medium-sized businesses were hit by a major cyberattack, causing other companies around the world to fear the same. The Biden administration said it’s working to prevent further cyberattacks.

The increase in ransomware attacks far predated the president taking office, and it is something that from Day 1, he has made a priority and has asked his team to focus on where we can have an impact, how we can better work with the private sector, and what we can do across the federal government to help address and reduce ransomware attacks on our critical infrastructure, but also on a range of entities in the United States. And we are continuing to up our partnership with the private sector, which is a key part of best practices in ensuring we are reducing the impact of the, I should say, the vulnerability of private-sector entities. But there is more that can be done, and it warrants and requires an interagency process and discussion in order to move those policies forward. The attack over the weekend underscores the need for companies and government agencies, as well, to focus on improving cybersecurity. And we’ve talked a bit in the past about the importance of private-sector entities hardening their own cybersecurity, putting in place best practices that have been recommended by the federal government for some time.

July 6, 2021, 5:50 p.m. ET

Between 800 and 1,500 businesses around the world were compromised or affected by a cyberattack on Friday that security experts said could be the largest attack in history using ransomware, in which hackers shut down systems until a ransom is paid.

“This is the worst ransomware incident to date, but if we don’t take action, the worst is yet to come,” said Kyle Hanslovan, the chief executive of the cybersecurity firm Huntress Labs.

Hackers compromised Kaseya, a Miami-based software maker that provides technology services to tens of thousands of organizations around the world. Many of its customers are so-called managed service providers, which in turn provide security and tech support to other companies and collectively reach millions of businesses.

“It totally sucks,” Fred Voccola, Kaseya’s chief executive, said in a video posted on YouTube early Tuesday, addressing the company’s customers. “If I was you, I’d be very, very frustrated, and you should be.”

He said Kaseya was working with the F.B.I., the Department of Homeland Security and the White House to address the issue.

About 50 of Kaseya’s direct customers were compromised when it was breached, Mr. Voccola said, including dozens of managed service providers.

A Russia-based cybercriminal organization known as REvil took credit on Sunday for the attack, boasting about it on its site — called “Happy Blog” — on the dark web. Some victims were being asked for $5 million in ransom, Huntress Labs said.

Brett Callow, a threat analyst for the cybersecurity firm Emsisoft, said REvil was also asking for $45,000 in cryptocurrency for each computer system a victim wanted restored.

REvil also said it would publish a tool that would allow all infected companies to recover their data if it were paid $70 million in Bitcoin.

“If you are interested in such a deal, contact us,” the group wrote, adding that it had provided a way for victims to contact the organization.

Jack Cable, a security researcher for Krebs Stamos Group, said he had reached out to REvil over the weekend and the group said it was willing to negotiate. It offered to slash the price for the tool to $50 million in Bitcoin, he said.

Jen Psaki, the White House press secretary, said during a news conference on Tuesday that “we advise against companies paying ransomware, given that it incentivizes bad actors to repeat this behavior.”

President Biden and Russian President Vladimir Putin arriving for their first meeting in Geneva last month. Credit…Doug Mills/The New York Times

Ms. Psaki said American national security officials had been in touch with Russian government officials over the attack. When President Biden met with President Vladimir Putin of Russia in Geneva last month, he demanded that Russia rein in ransomware attacks, which have become increasingly common in recent months. The F.B.I. said REvil was behind the hacking of the world’s largest meat processor, JBS, in May.

“If the Russian government cannot or will not take action against criminal actors residing in Russia, we will take action, or reserve the right to take action, on our own,” Ms. Psaki said.

The Kaseya cyberattack has had cascading effects around the globe, touching companies in more than a dozen countries, including the United States, Germany, Australia and Brazil. In Sweden, the grocery retailer Coop was forced to close more than 800 stores Saturday, and each location had to be visited to fix the problems caused by the hack. A Swedish railway and a pharmacy chain were also affected, security researchers said.

Mr. Voccola said such an attack was bound to happen.

“Even the best defenses in the world get scored upon,” he said.

A common refrain he has heard from government officials and security experts, he said, was that when it comes to cyberattacks, “it’s not a matter of if, it’s a matter of when.”
