Sign in

REvil ransomware attack: Experts cast doubts as IT firm Kaseya says 800 to 1,500 customers compromised

In a statement released earlier on Tuesday, the company said that it responded “quickly” to the ransomware attack on its customers launched on the fourth of July weekend.

Published on: Jul 6, 2021, 22:39:56 IST
By | Written by | Edited by , Hindustan Times, New Delhi
Share
Share via
  • facebook
  • twitter
  • linkedin
  • whatsapp
Copy link
  • copy link

Following a ransomware attack by the notorious REvil cybercrime gang, US based IT firm Kaseya, affected in the attack, on Tuesday said that “only approximately 50” of the more than 35,000 customers of the company were breached.

Swedish supermarket chain Coop had to temporarily close hundreds of stores nationwide after a ransomware attack by REvil blocked access to its cash registers. In picture - A shuttered Coop supermarket store in Stockholm, Sweden. (AFP)
Swedish supermarket chain Coop had to temporarily close hundreds of stores nationwide after a ransomware attack by REvil blocked access to its cash registers. In picture - A shuttered Coop supermarket store in Stockholm, Sweden. (AFP)

In a statement released earlier on Tuesday, the company said that it responded “quickly” to the ransomware attack on its customers launched on the fourth of July weekend. It further claimed that business continuity was ensured after the attack and owing to the company’s “rapid remediation and mitigation measures” several small and medium-sized businesses were saved from devastating impacts to their operations.

Experts have pointed the attack to the Russian-based REvil gang after a post on the Happy Blog in dark web, previously associated with the gang, claimed responsibility for the attack, threatening that more than a million systems have been affected.

Also read | Kaseya ransomware attack: Hackers demand $70 million ransom to restore data

‘Limited impact’

The company’s statement came a day after the hackers demanded a ransom of $70 million in Bitcoins, several news agencies reported earlier on Monday.

“On July 2, at approximately 2 p.m. EST, Kaseya was alerted to a potential attack by internal and external sources. Within an hour, in an abundance of caution, Kaseya immediately shut down access to the software in question. The attack had limited impact, with only approximately 50 of the more than 35,000 Kaseya customers being breached,” Kaseya said in the statement.

“While impacting approximately 50 of Kaseya’s customers, this attack was never a threat nor had any impact to critical infrastructure,” it further claimed.

Many customers, who are managed service providers, use Kaseya’s technology for managing the IT infrastructure of local and small businesses that typically have less than 30 employees, the company also highlighted. “Of the approximately 800,000 to 1,000,000 local and small businesses that are managed by Kaseya’s customers, only about 800 to 1,500 have been compromised,” it further said. The company also assured that it is working closely with all government agencies following the breach.

Meanwhile, CEO Fred Voccola said that “Our global teams are working around the clock to get our customers back up and running. We understand that every second they are shut down, it impacts their livelihood, which is why we’re working feverishly to get this resolved.”

Also read | Hit by a ransomware attack in US? Your payment may be tax deductible

Experts doubtful

Despite Kaseya’s statement, cybersecurity experts opined that it is too early for the company to make a decisive assessment about the impact of the attack, a major reason being, the attack was launched on the fourth of July weekend, a holiday in the USA and businesses might become aware only on returning to work on Tuesday.

“Given the relationship between Kaseya and MSPs, it’s not clear how Kaseya would know the number of victims impacted. There is no way the numbers are as low as Kaseya is claiming though,” the Associated Press (AP) quoted Jake Williams, chief technical officer of the cybersecurity firm BreachQuest.

Another cybersecurity firm Sophos commented that it was too soon to have any assessment of the impact. “It’s too soon to tell, since this entire incident is still under investigation” Sophos said, according to AP.

Ciaran Martin, cybersecurity professor at the University of Oxford said this could be the biggest ransomware attack of all time. “It's probably the biggest ransomware attack of all time. Because of the nature of the attack there's still a lot of uncertainty over its impact,” news agency AFP quoted Martin as saying.

He also said that the total number of victims was “potentially huge” because the attack was a supply chain attack, typically targeting a company that serves thousands of firms, who in turn provide IT services to smaller businesses.

Of the many victims, Swedish supermarket chain Coop was one among the high profile customers. The cash registers of the company were paralysed because of the attack and according to spokesperson Kevin Bell, many of the 800 stores of the supermarket remained closed on Monday. He also said that the few hundreds that managed to reopen had to rely on other methods of payment by the customers.

(With agency inputs)

Get the latest headlines from US news and global updates from Pakistan, Nepal, UK, Bangladesh, Russia and US Iran war Live, get all the latest headlines in one place on Hindustan Times.