Ransomware attack on networking provider affects 1,500 businesses

The attack, which occurred on Friday (July 2), was reportedly executed by the Russian hacking group REvil who typically encrypt the files of victims before demanding a ransom payment to unlock them.

The group said it wanted a $70m (£51m) payment to free the files “in less than an hour”.

Fred Voccola, CEO of Kaseya, admitted that it was difficult to precisely determine the extent of the damage caused by the attack as the people affected were mostly customers of its own customers.

The firm is working with the FBI and the US Cybersecurity and Infrastructure Security Agency (CISA) to determine the root cause of the attack.

“Our global teams are working around the clock to get our customers back up and running,” Voccola said. “We understand that every second they are shut down it impacts their livelihood, which is why we’re working feverishly to get this resolved.”

In defence of his business, Voccola claimed that the impact of this “highly sophisticated attack” has proven to be “greatly overstated”.

Nevertheless, it forced the Swedish division of Co-op to close 500 of its 800 shops over the weekend as it attempted to recover from the attack. Schools and kindergartens as far afield as New Zealand were also taken offline.

The UK’s National Cyber Security Centre (NCSC) has been looking into the impact of the incident on UK businesses. “We are actively working to fully understand this incident and mitigate potential risks to the UK,” a spokesperson said.

“At this stage we have seen evidence of a limited impact to UK organisations, though our work is ongoing and we remain vigilant to any threats. We encourage Kaseya customers to read the company’s incident update page, which recommends that people who have been affected do not click on any links emailed to them by the attackers as they could be malicious.”

Since the Covid-19 pandemic began, early in 2020, hacking activity against corporations in the US and other countries has soared as cyber criminals seek to exploit security weakened by new and evolving work-from-home policies which companies have been obliged to roll out for staff during lockdowns and self-isolation.

In November 2020, the NCSC said it had defended the UK from more than 700 cyber-attacks in the previous year alone.