U.S. Company Searches For Answers After Suspected Russian-Based
July 5, 2021
A U.S. IT provider that has been hit by a major ransomware attack on the
eve of a long holiday weekend in the United States is scrambling to help
its customers get their systems running again while it works with the
U.S. government to determine the extent of the attack.
The Florida-based company said its CEO would be interviewed on U.S.
television on July 4 regarding the incident, a sophisticated ransomware
attack that cybersecurity experts believe was carried out by Russian
The gang known as REvil is suspected of hijacking Kaseya's desktop
management software and pushing a malicious update that infected tech
management providers serving thousands of businesses.
Kaseya said it was working with the FBI and that only about 40 of its
customers were impacted directly. But the ransomware could still be
affecting many more companies that rely on Kaseya's clients.
Kaseya issued an updated response late on July 3 in which it did not
comment on how many customers were management providers that in turn
would have spread the malicious software to others. It also did not say
how much ransom had been demanded or whom the company suspects as the
Kaseya has "unfortunately been the victim of a sophisticated cyberattack,"
the statement said, adding that it believes the attack is limited to a
"very small number of on-premises customers."
It said all affected servers should remain offline until further
instructions from Kaseya. The company said it would provide an update on
July 4 about a patch that will be required before the servers can be
It also said outside experts had advised that customers who receive
communication from the attackers should not click on any links "as they
may be weaponized."
The FBI issued a statement saying it was investigating the matter in
coordination with the U.S. Cybersecurity and Infrastructure Security
President Joe Biden said he has directed U.S. intelligence agencies to
investigate who was behind the attack.
Biden, who raised the threat of cyberattacks in a summit last month with
Russian President Vladimir Putin, added that he would know more on July
4 about whether the attack on Kaseya was "either with the knowledge of
and-or a consequence of Russia."
Huntress Labs, a security firm that was one of the first to sound the
alarm, said thousands of small companies might have had files encrypted
by the cybercriminals, who left electronic messages asking for ransom
payments of thousands or millions of dollars.
of Sweden's biggest grocery chains, Coop, said its 800 stores were
closed on July 3 because a remote tool used for its cash registers was
impacted, meaning payments couldn't be taken. Swedish State Railways and
a major local pharmacy chain were also affected.
The Swedish news agency TT said Kaseya technology was used by the
Swedish company Visma Esscom, which manages servers and devices for a
number of Swedish businesses.
Swedish Defense Minister Peter Hultqvist told Swedish Television that
the attack was "very dangerous" and showed how businesses and state
agencies needed to improve their preparedness.
"In a different geopolitical situation, it may be government actors who
attack us in this way in order to shut down society and create chaos,"
Some experts speculated that the timing of the attack, immediately before
the U.S. Independence Day holiday weekend, was aimed at spreading the
ransomware while employees were away from their jobs.