Between 800 and 1,500 companies worldwide have been affected by a ransomware attack centered on US information technology company Kaseya, its chief executive said on Monday.
Fred Voccola, chief executive of the Florida-based company, said in an interview that it was difficult to estimate the precise impact of Friday’s attack because those affected were mainly customers of Kaseya’s customers.
Kaseya is a company that provides software tools for IT outsourcing companies: companies that typically handle back office work for companies that are too small or have little resources to have their own technical departments.
One of those tools was hijacked on Friday, allowing hackers to cripple hundreds of businesses across five continents. Although most of those affected were small worries – such as dental offices or accountants – the disruption was felt most severely in Sweden, where hundreds of supermarkets had to close because their cash registers were inoperative, or in operation. New Zealand, where schools and kindergartens were taken offline.
The hackers who claimed the breach have asked for $ 70 million to restore all data from the affected companies, although they have indicated their willingness to temper their requests in private conversations with a cybersecurity expert and with Reuters.
“We are always ready to negotiate,” a pirate representative told Reuters on Monday. The representative, who spoke through a chat interface on the hackers website, did not provide his name.
Voccola declined to say if he was prepared to accept the pirates’ offer.
“I can’t say yes, no or maybe,” he said when asked if his company would talk or pay the hackers. “No comment on anything to do with negotiating with terrorists in any way. “
The subject of ransom payments has grown increasingly heavy as ransomware attacks become more disruptive – and lucrative.
Voccola said he spoke to officials at the White House, Federal Bureau of Investigation and Department of Homeland Security about the breach, but declined to say what they told him about the payment or negotiation.
On Sunday, the White House said it was checking whether there was a “national risk” posed by a ransomware outbreak, but Voccola said that – so far – it was not aware of any organization of national significance affected.
“We are not looking for massive critical infrastructure,” he said. “It’s none of our business. We do not use the AT&T network or the Verizon 911 system. Nothing like. “
Since Voccola’s company was patching a vulnerability in the software that was exploited by hackers when the ransomware attack was carried out, some information security professionals have speculated that the hackers could have monitored his company’s communications from the inside.
Voccola said neither he nor the investigators his company hired saw any sign of this.
“We don’t think they were part of our network,” he said. He added that the details of the violation would be made public “once it is ‘safe’ and you can do it.”
Some experts believe that all the fallout from the hack will be highlighted on Tuesday, when Americans return from their July 4th holiday weekend. Beyond the United States, the most notable disruptions occurred in Sweden – where hundreds of Coop supermarkets had to close because their cash registers were inoperative – and New Zealand, where 11 schools and several gardens children were affected.
In their conversation with Reuters, the pirate representative called the disruption in New Zealand “an accident.”
But they expressed no regrets about the disruption in Sweden.
Closing the supermarkets was “nothing more than a business,” the representative said.
According to a study published by cybersecurity firm ESET, a dozen different countries have had organizations affected by the breach in one way or another.