The recent ransomware attack that has ricocheted around the world, according to software vendor Kaseya, has compromised between 800 and 1,500 businesses.
Kaseya said in a statement on Monday that the attack, which started on Friday, affected about 50 of its direct customers. However, because many of Kaseya’s customers provide IT services to small businesses like restaurants and accounting firms, hundreds more businesses were affected.
“Our global teams are working around the clock to get our customers back up and running,” Kaseya CEO Fred Voccola said in the statement. “We understand that every second they are shut down, it impacts their livelihood, which is why we’re working feverishly to get this resolved.”
Kaseya has met with US government agencies such as the FBI and the Cybersecurity and Infrastructure Security Agency, according to the company (CISA). The White House and cybersecurity firm FireEye Mandiant were also contacted, according to the report.
On Sunday, the White House urged companies that believe their systems have been hacked in the ransomware attack that targeted Kaseya to contact the Internet Crime Complaint Center right away.
Kaseya said that it had discussed “systems and network hardening requirements prior to service restoration” with the FBI and CISA. The company said that “a set of requirements” will be posted “to give our customers time to put these counter measures in place in anticipation of a return to service on July 6.”
According to cybersecurity firm Emsisoft’s analysis of the malicious software, it was created by REvil, a ransomware gang operating out of Eastern Europe or Russia.
REvil has demanded a $70 million payment in Bitcoin for a decryptor tool to restore the businesses’ data, according to CNN.
Voccola refused to say whether Kaseya will pay the hackers in an interview with Reuters on Monday. “No comment on anything to do with negotiating with terrorists in any way,” he told Reuters.
Voccola also told Reuters that no national security organizations had been harmed as a result of the attack. “We’re not looking at massive critical infrastructure,” he said. “That’s not our business. We’re not running AT&T’s network or Verizon’s 911 system. Nothing like that.”