The extent of a major ransomware attack that U.S. cybersecurity experts have attributed to a Russian-speaking gang has yet to be determined, as more companies come forward to claim their systems have been compromised.
Cybersecurity experts quoted in U.S. news reports on July 4 said the attack hit thousands of victims in at least 17 countries when it was launched on July 2. They said the cybercriminals demanded ransoms of between $45,000 and $5 million.
Fred Voccola, CEO of Kaseya, the American company whose software was compromised, also estimated the number of victims in the thousands. He said most are small businesses like dental offices, architectural firms, surgery centers and libraries. Schools, small government agencies, travel agencies and accounting agencies are also among the reported victims.
The company believes it has identified the source of the vulnerability and will release a patch as soon as possible for affected customers, Voccola said in an interview with The Associated Press.
Voccola declined to provide details of the breach except to say that it was not phishing and that “the level of sophistication here was extraordinary.”
Cybersecurity experts claim that the REvil gang, a major Russian-speaking ransomware syndicate, appears to be behind the attack and that it was no coincidence that it was launched at the start of the Independence Day holiday weekend in the United States. Many victims may not discover they were affected until they reopen on July 5 or 6.
The FBI and the US Cybersecurity and Infrastructure Security Agency are investigating and have asked companies to report the incidents, but warned that “the magnitude of this incident may mean that we may not be able to respond to each victim individually.”
President Joe Biden has asked U.S. intelligence agencies to investigate, and Anne Neuberger, the White House’s deputy national security adviser for cyber and emerging technologies, said in a report on July 4 that the FBI and the Department of Homeland Security “will contact identified victims to provide assistance based on a national risk assessment.”
One of the companies involved is the Swedish grocery chain Coop. It was forced to close most of its 800 stores on July 3 and 4 because the attack crippled its cash register software. A Swedish chain of pharmacies, a chain of gas stations, the public railway and the public broadcaster SVT were also affected.
Germany’s federal cybersecurity watchdog said an unidentified IT service provider who takes care of several thousand customers has been affected. Two large Dutch IT service companies were also among the targets.
Ransomware attacks are carried out by hackers who break into networks and distribute malicious computer code used to encrypt a victim’s digital data. The data is unusable until the targeted company pays the ransom.
High-profile ransomware attacks in May targeted a U.S. energy pipeline and a global meat processor. U.S. law enforcement officials said they recovered most of the ransom paid in the pipeline case.
The following month, Biden lobbied Russian President Vladimir Putin at their Geneva summit over ransomware gangs allegedly operating with impunity in Russia. Biden said he also told Putin that the United States would respond if an investigation determined the Russian government was behind an attack.