Hackers may have breached up to 1,500 businesses in what is being called the biggest ransomware attack yet, according to a Monday statement from Kaseya, a software vendor whose product for remote IT management was apparently exploited in the attack.
The hackers, believed to be affiliated with the group REvil, have made ransom demands of individual victims and have also offered to release a code that would unlock all compromised machines for $70 million. The group recently extracted an $11 million ransom from meat producer JBS after ransomware disrupted the company’s food production lines.
The attack appears to have mostly struck a small handful of companies that use hosted versions of Kaseya’s software. The problem is that many of those companies are themselves IT providers, meaning that their own customers were also affected. Kaseya has emphasized that there doesn’t seem to be an effect on critical infrastructure, as in the recent Colonial Pipeline hack that disrupted gasoline supplies, but that may be of little comfort to the businesses that were affected or their own customers.
A Swedish grocery chain had to close hundreds of stores this weekend because its IT provider was affected, and small businesses and government agencies around the world were also hit, CNN reports.
So-called supply chain attacks, where widely used software is compromised to attack customers, can be especially damaging since they can strike so many organizations at once. Kaseya has said it will soon release a patch to prevent further attacks using the same vulnerability in its software, although companies that have already been attacked will likely still need to restore systems from backups.
U.S. officials say they are investigating the hack, and the Biden administration urged anyone affected to contact the FBI. The U.S. has accused Russia of effectively providing safe harbor to ransomware operations like REvil and called on President Vladimir Putin to put a stop to the extortionist operations.