Number of victims in major ransomware attack still unclear

by Joseph K. Clark

The software company whose software was exploited in the most significant global ransomware attack on record says that so far, it appears that fewer than 1,500 businesses have been compromised.

The software company whose software was exploited in the most significant global ransomware attack on record said Tuesday that so far, it appears that fewer than 1,500 businesses were compromised. But cybersecurity experts suspected the estimate was low and noted that victims are still being identified.

Miami-based Kaseya said in a prepared statement that it believed only about 800 to 1,500 of the estimated 800,000 to 1,000,000 primarily small businesses that are customers of companies using its software to manage IT infrastructure were affected by the attack. The statement was widely reported after the White House forwarded it to the media.

However, cybersecurity experts said it was too early for Kaseya to know the true impact of Friday’s attack, especially since it was launched by the Russia-linked REvil gang on the eve of the U.S. Fourth of July holiday, and many targets may only be discovering it on returning to work Tuesday.

Most of the more than 60 Kaseya customers that company spokeswoman Dana Lindholm said in an email Sunday were affected are managed service providers (MSPs), which work with multiple customers downstream.

“Given the relationship between Kaseya and MSPs, it’s unclear how Kaseya would know the number of victims impacted. There is no way the numbers are as low as Kaseya is claiming, though,” said Jake Williams, chief technical officer of the cybersecurity firm BreachQuest.

The hacked Kaseya tool, VSA, remotely maintains customer networks, automating security and other software updates. A tool designed to protect networks from malware was cleverly used to distribute it.

“It’s too soon to tell since this entire incident is still under investigation,” said the cybersecurity firm Sophos, which is tracking the incident closely. It and other cybersecurity outfits questioned whether Kaseya had visibility into disabled managed service providers.

The German news agency dpa reported earlier Sunday that an unnamed German IT services company told authorities several thousand of its customers were compromised. In an interview with The Associated Press on Sunday, Kaseya CEO Fred Voccola estimated the number of victims in “the low thousands.” Also among the reported victims were two Dutch IT services companies.

A broad array of businesses and public agencies were hit by the latest attack, apparently on all continents, including financial services, travel and leisure, and the public sector — though few large companies, Sophos said.

Ransomware criminals infiltrate networks and sow malware that cripples them by scrambling all their data. Most ransomware victims don’t publicly report attacks or disclose if they’ve paid the ransom. Victims get a decoder key when they pay up.

President Joe Biden said Saturday that he ordered a “deep dive” by U.S. intelligence into the attack and that the U.S. would respond if it determines the Kremlin is involved.
