Up to 1,500 businesses around the world may have been affected by a major ransomware attack that has shuttered hundreds of Swedish supermarkets, according to the American IT company at the centre of the hack.
Miami-based firm Kaseya, which provides IT services to some 40,000 businesses globally, said customers of its clients were the main victims of the attack, which saw hackers demand $70 million in bitcoin in exchange for the return of stolen data. “We understand the total impact thus far has been to fewer than 1,500 downstream businesses,” Kaseya said in an update on its website late Monday.
The tech company said only 60 of its own customers may have been affected by the ransomware attack — an increasingly lucrative form of digital hostage-taking in which hackers encrypt victims’ data and then demand money for restored access. The attack — which experts believed was carried out by a Russian-speaking hacking outfit — compromised customers using Kaseya’s signature VSA software, which allows companies to manage networks of computers and printers from a single point. Kaseya said it is preparing to release a VSA patch to its customers to bring their services back online as soon as possible after testing. It will be released 24 hours after Kaseya’s servers that provide the software are brought back online, with a decision to be made on Tuesday morning, the update said.
The FBI is liaising with the company about improved security measures for its network and its customers’ systems after the attack, the firm added. Sweden’s Coop supermarket chain was among the indirect victims of the attack, with its cash registers paralysed since Friday when its IT subcontractor, Visma Esscom, was hit. Cybersecurity experts have identified firms affected by the hack in at least 17 countries, and the FBI said the scale of the attack is so large it may be “unable to respond to each victim individually.”