“To date, we know that less than 60 Kaseya customers, all of whom were using the on-premise VSA product, were directly compromised by this attack,” Kaseya said. “While many of these customers provide IT services to several other companies, we understand that the total impact to date has been on less than 1,500 downstream companies. We found no evidence that any of our [cloud] customers have been compromised. ”
Kaseya also said she met with the FBI and the Cybersecurity and Infrastructure Security Agency on Monday evening “to discuss system and network hardening requirements before service restoration for both. [cloud] and customers on site. A set of requirements will be posted before the service is restarted to give our customers time to put these countermeasures in place in anticipation of a return to service on July 6th. “
The REvil malware hit a wide range of IT management companies and compromised hundreds of their business customers late last week.
The cybercriminal gang, reportedly operating in Eastern Europe or Russia, has targeted software provider Kaseya, whose products are widely used by IT management companies, cybersecurity experts have said.
CNN reported earlier Monday that ransomware group REvil had demanded a payment of $ 70 million in Bitcoin for a decryption tool to restore corporate data.
In the interview with Reuters, Voccola did not say whether Kaseya would pay the hackers. “No comment on anything to do with negotiations with terrorists in any way,” he told Reuters.
Voccola also told Reuters he was not aware of any organizations of national importance compromised in the attack. “We are not looking for massive critical infrastructure,” he said. “It’s none of our business. We do not operate the AT&T network or the Verizon 911 system. Nothing like. “
– Brian Fung contributed to this report