The U.S. software firm hit by a REvil ransomware attack that crippled hundreds of companies worldwide has failed to bring its services online after discovering an ‘issue’ that delayed the redeployment.
Kaseya, the Miami-based company at the center of the hack, said in an alert on Tuesday night that ‘an issue was discovered that has blocked the release’ of its key service, which provides system monitoring and management for IT service providers.
‘We apologize for the delay and R&D and operations are continuing to work around the clock to resolve this issue and restore service,’ the company added, saying another status update would be issued on Wednesday morning.
Kaseya CEO Fred Voccola vowed in a video message that service would be restored ‘in the coming hours’ but an issue on Tuesday night blocked the planned deployment
A geography of attack attempts is seen in data from Kaspersky’s Threat Intelligence service. REvil does not target victims in Russia or the former Soviet satellite states
Kaseya told customers to keep their systems shut down until it can redeploy its cloud-based services and assures them that it is safe.
‘We have been advised by our outside experts that customers who experienced ransomware and receive communication from the hackers should not click on any links — they may be weaponized,’ Kaseya warned.
The unprecedented attack unfolded over the Independence Day holiday weekend, affecting an estimated 1,500 businesses.
The REvil hacker gang, a notorious group thought to be based in Russia or Eastern Europe, demanded a ransom of $70 million to release the decryption key that would unlock all the affected systems.
The group bragged that it had infected one million companies through the supply-chain attack, but cyber security experts consider this to be a gross exaggeration.
Kaseya said on Tuesday that approximately 50 of its customers had been breached.
Those customers primarily provide IT services to other companies, and about 800 to 1,500 local and small businesses were compromised, Kaseya said.
Cyber attack on US IT provider forces Swedish grocery store chain to close ALL 800 stores
The Swedish Coop grocery store chain closed all its 800 stores on Saturday after the ransomware attack on Kaseya left it unable to operate its cash registers.
According to Coop, one of Sweden’s biggest grocery chains, a tool used to remotely update its checkout tills was affected by the attack, meaning payments could not be taken.
‘We have been troubleshooting and restoring all night, but have communicated that we will need to keep the stores closed today,’ Coop spokesperson Therese Knapp told Swedish Television.
The Swedish news agency TT said Kaseya technology was used by the Swedish company Visma Esscom, which manages servers and devices for a number of Swedish businesses.
State railway services and a pharmacy chain were also impacted by the attack.
‘They have been hit in various degrees,’ Visma Esscom chief executive Fabian Mogren told TT.
Defence Minister Peter Hultqvist told Swedish Television the attack was ‘very dangerous’ and showed business and state agencies need to better prepare. ‘In a different geopolitical situation, it may be government actors who attack us in this way in order to shut down society and create chaos,’ he said.
Even at that scale, the problem is significant, with some 1,000 companies down and unable to do business, costing them money for every hour that the attack drags on.
In his video address on Tuesday, Kaseya’s CEO spoke out in defense of the company, saying ‘even the best defenses get scored on.’
‘Unfortunately this happened. And it happens. Doesn’t make it ok, it just means it’s the way the world we live in is today,’ said Voccola.
Voccola named other major IT providers that have suffered breaches, including Microsoft, and then tried to pin the blame on cryptocurrencies such as Bitcoin, which are the preferred method of ransom payment for hackers.
‘Unfortunately there are bad people out there who can make a lot of money, or try to make a lot of money, and get paid in anonymous currencies that are very difficult if not impossible to trace by the authorities, so there’s no money trail for them to go and get these criminals,’ he said.
Voccola said that the staff at Kaseya had slept for ‘a grand total of four hours in the last two days literally and that’ll continue until everything is as perfect as can be.’
He added in a statement: ‘Our global teams are working around the clock to get our customers back up and running. We understand that every second they are shut down, it impacts their livelihood, which is why we’re working feverishly to get this resolved.’
While Kaseya is little known to the public, analysts say it was a ripe target as its software is used by thousands of companies, allowing the hackers to paralyze a huge number of businesses with a single blow.
Kaseya provides IT services to some 40,000 businesses globally, some of whom in turn manage the computer systems of other businesses.
The hack affected users of its signature VSA software, which is used to manage networks of computers and printers.
Experts believe this could be the biggest ‘ransomware’ attack on record — an increasingly lucrative form of digital hostage-taking in which hackers encrypt victims’ data and then demand money for restored access.
A sign that reads: ‘Coop Forum supermarket in Vastberga is closed due to IT disturbances, no prognosis as to when we will open again’ is seen in Stockholm, Sweden on Saturday
The Kaseya attack has ricocheted around the world, affecting businesses from pharmacies to gas stations in at least 17 countries, as well as dozens of New Zealand kindergartens.
Most of Sweden’s 800 Coop supermarkets were shut for a third day running after the hack paralyzed its cash registers.
Kaseya says it is actively engaged with various governmental agencies including the FBI, Cybersecurity and Infrastructure Security Agency, Department of Homeland Security and the White House.
Meanwhile, President Joe Biden is still not calling on his Russian counterpart Vladimir Putin to respond to the massive ransomware attack.
On Tuesday, he again pulled out notes to deliver a prepared response to reporters questioning whether the hack calls for retaliation.
‘I can tell you a couple things,’ Biden said when asked if the attack warrants a response from the U.S. as he started reading from a notebook. ‘I received an update from my national security team this morning.’
Critics are lashing out at President Joe Biden for not keeping his promise to get tough on Russia over cyberattacks after the most recent REvil hack affected some 1,000 companies
The president insisted the attack ‘appears to have caused minimal damages to U.S. businesses,’ despite reports showing at least 1,000 American companies were affected.
‘We’re still gathering information to the full extent of that attack,’ Biden said after delivering an update on the coronavirus pandemic and state of vaccinations from the White House.
He previewed: ‘I’m going to have more to say about this in the next several days. We’re getting more detail and information – but that’s what I can tell you now.’
‘And I feel good about our ability to be able to respond,’ he said as he trailed off and left the room after taking just one question.