Biden: US government unsure who staged latest cyberattack

(CNN Business)Software vendor Kaseya said Monday night that “fewer than 1,500 downstream businesses” have been affected by the recent ransomware attack that hit businesses around the world.

“To date, we are aware of fewer than 60 Kaseya customers, all of which were using the VSA on-premises product, who was directly compromised by this attack,” Kaseya said. “While many of these customers provide IT services to multiple other companies, we understand the total impact thus far has been to fewer than 1,500 downstream businesses. We have not found any evidence that any of our [cloud] customers were compromised.”
Kaseya also said that it met with the FBI and the Cybersecurity and Infrastructure Security Agency Monday night “to discuss systems and network hardening requirements prior to service restoration for both [cloud] and on-premises customers. A set of requirements will be posted prior to service restart to give our customers time to put these counter measures in place in anticipation of a return to service on July 6th.”

    REvil malware hit a wide range of IT management companies and compromised hundreds of their corporate clients late last week.

      The cybercriminal gang, which is believed to operate out of Eastern Europe or Russia, targeted software vendor Kaseya, whose products are widely used by IT management companies, cybersecurity experts said.

      Kaseya’s chief executive, Fred Voccola, said in an interview with Reuters Monday that it is hard to gauge the full impact of the attack, but the company believes between 800 to 1,500 businesses around the globe have been affected.
      CNN reported earlier Monday that the ransomware group REvil has demanded a $70 million payment in Bitcoin for a decryptor tool to restore the businesses’ data.
      In the interview with Reuters, Voccola would not say whether Kaseya will pay the hackers. “No comment on anything to do with negotiating with terrorists in any way,” he told Reuters.

        Voccola also told Reuters he was not aware of any nationally important organizations being compromised in the attack. “We’re not looking at massive critical infrastructure,” he said. “That’s not our business. We’re not running AT&T’s network or Verizon’s 911 system. Nothing like that.”
        – Brian Fung contributed to this report
        Source: Read Full Article