The White House said Sunday it reached out to the victims of a major ransomware outbreak that is centered on a Florida-based information technology company and has affected hundreds of businesses around the world.
Miami-based Kaseya has said fewer than 60 of its customers had been “directly affected” by the attack.
But the full impact of the hack is still in focus, in part because the Kaseya software tool commanded by cybercriminals is used by so-called managed service providers, outsourcing stores that other companies use to manage their back-office IT work, such as installing updates.
A cyber security chief said his company alone had seen 350 customers attacked.
The White House’s deputy national security adviser on cyber and new technology, Anne Neuberger, said in a statement that the FBI and the Department of Homeland Security’s cyber arm “will reach out to identified victims to provide assistance based on a national risk assessment.”
President Joe Biden said Saturday he instructed U.S. intelligence agencies to investigate who was behind the ransomware attack.
Security firm Huntress Labs said Friday that it believed the Russian-affiliated REvil ransomware gang was to blame for the recent outbreak. Last month, the FBI accused the same group of paralyzing meat packages JBS SA.
Kaseya said Sunday it hired cyber-security firm FireEye Inc to help deal with the fallout from the breach.
“The two largest regions we’ve seen are the United States and Germany,” said Ross McKerchar, Chief Information Security Officer at Sophos Group Plc, about the impact of the latest ransomware.
Those affected included schools, small public sector bodies, travel and leisure organizations, credit unions and auditors,
Rash of German victims may be due to a major provider being compromised. Germany’s federal cyber security watchdog said on Sunday an unidentified IT service provider looking for thousands of customers had been hit.
In some cases, chain reactions caused more widespread disturbance.
The Swedish Coop grocery chain had to close hundreds of stores on Saturday because its cash registers are operated by Visma Esscom, which manages servers for a number of Swedish companies and in turn uses Kaseya.
McKerchar said the wave of disruptions was another illustration of how difficult it was for modest companies to repel increasingly well-funded cyber-criminal gangs.
“Small businesses are surpassed when it comes to cybersecurity,” he said.
(Reporting by Raphael Satter and Trevor Hunnicutt; further reporting by Andreas Rinke in Berlin; editing by Peter Cooney)