The company whose software was exploited in the largest ransomware attack on record said Tuesday that to date, it appears less than 1,500 companies have been compromised. But cybersecurity experts suspected the estimate was low and noted the victims were still being identified.
Miami-based Kaseya said in a prepared statement that she believed that only 800 to 1,500 of the estimated 800,000 to 1,000,000, mostly small businesses – business customers who use it to manage infrastructure computer – were affected by the attack.
The statement was widely reported after the White House shared it with the media.
However, cybersecurity experts said it was too early for Kaseya to know the true impact of Friday’s attack, especially since it was launched by the Russian-linked REvil gang on the eve of the July 4th holiday and that many targets may be just finding out. back to work Tuesday.
Most of Kaseya’s more than 60 customers who company spokesperson Dana Liedholm said were affected in an email Sunday are Managed Service Providers (MSPs) who have multiple downstream customers.
âGiven the relationship between Kaseya and the MSPs, it is not clear how Kaseya would know the number of victims affected. However, the numbers cannot be as low as Kaseya claims, âsaid Jake Williams, CTO of cybersecurity firm BreachQuest.
The hacked Kaseya tool, VSA, remotely maintains customer networks, automating security and other software updates. Essentially, a tool designed to protect networks from malware has been cleverly used to distribute it.
“It’s too early to tell, as this whole incident is still under investigation,” said cybersecurity firm Sophos, which is monitoring the incident closely. She and other cybersecurity groups questioned whether Kaseya had visibility into crippled managed service providers.
In an interview with the Associated Press on Sunday, Kaseya CEO Fred Voccola estimated the death toll at “a few thousand”. German news agency dpa reported earlier on Sunday that an anonymous German IT services company told authorities that several thousand of its customers were compromised. Among the reported victims were also two Dutch IT service companies.
A wide range of businesses and public agencies have been affected by the latest attack, apparently on all continents, including in financial services, travel and leisure, and the public sector – although few large companies, have Sophos said.
Ransomware criminals infiltrate networks and plant malware that cripples them by scrambling all of their data. Victims receive a decoder key when they pay. Most ransomware victims do not publicly report attacks and do not disclose if they have paid ransoms.
President Joe Biden said on Saturday he had ordered a “deep dive” by US intelligence services into the attack and that the US would respond if it determined the Kremlin was involved.
Like this article ? Access all of our great content with a monthly subscription. Start your subscription here.