Kaseya, an American company that develops software for managing computer networks, was targeted by a ransomware gang on Friday.
The group claiming responsibility, a notorious Russian-speaking cybercriminal entity known as REvil, was able to lock the networks of hundreds of Kaseya’s customers by targeting the company’s widely-used software.
Kaseya CEO Fred Voccola first announced on Friday that a suspected attack had taken place. Just two days later on July 4, Voccola asserted that the company had been the “victim of a sophisticated cyberattack.”
REvil is believed to have relied on what are known as “zero-days,” vulnerabilities that have no known patch, to infiltrate Kaseya. Once the ransomware was deployed, countless victims were locked out of their own systems. REvil then informed the victims that their systems would be returned once a ransom was paid.
Although Kaseya has argued that less than 60 of its clients were affected, many of the customers of those clients were infected as well. The company later stated that it believed as many as 1,500 downstream businesses had been hit with the ransomware in what is referred to as a “supply-chain attack.”
REvil has claimed on its dark web blog, however, that it was able to infect at least 1 million systems as part of the attack. Individual victims have been told that they need to pay anywhere from $44,999 to $5 million to have their systems unlocked. REvil has also offered to unlock every system in exchange for a lump sum of $70 million.
The attack led President Joe Biden on Saturday to direct federal agencies to investigate. The incident comes just weeks after REvil took credit for the ransomware attack against meat supplier JBS, which ultimately paid the cybercrime gang $11 million.