A US software company hit by a major ransomware attack that crippled hundreds of businesses worldwide was working Tuesday to restart its servers in order to bring customers back online, but it said it had run into additional technical difficulties.
Kaseya, the Miami-based IT firm at the center of the hack, said in a 10 p.m. (0200 GMT) update that “an issue was discovered that has blocked the release” while working to redeploy its software program.
With this latest delay, the company has again pushed back its forecast for resuming its cloud-based systems, which had been scheduled to come back online Tuesday evening.
Previously, Kaseya advised customers to keep their systems turned off until it could ensure their safety. The unprecedented attack impacted an estimated 1,500 businesses and resulted in a $70 million ransom demand.
Kaseya said its systems were being re-enabled with “enhanced security measures” and the “ability to quarantine and isolate files and entire… servers” in the event of an infection.
While Kaseya is relatively unknown to the general public, analysts believe it was a prime target because its software is used by thousands of businesses, allowing the hackers to cripple a large number of businesses with a single blow. Kaseya provides IT services to approximately 40,000 businesses worldwide, some of which manage the computer systems of other businesses.
The hack affected users of the company’s signature VSA software, which is used to manage computer and printer networks.
Experts believe this could be the largest “ransomware” attack on record, a lucrative form of digital hostage-taking in which hackers encrypt victims’ data and then demand payment to restore access.
The Kaseya attack has spread around the world, affecting businesses ranging from pharmacies to gas stations in at least 17 countries, as well as dozens of kindergartens in New Zealand. The majority of Sweden’s 800 Coop supermarkets were closed for the third day in a row after the hack paralyzed their cash registers.
While fewer than 60 of Kaseya’s own customers were “directly compromised,” the company estimated that up to “1,500 downstream businesses” were affected.
According to White House spokeswoman Jen Psaki, the administration is monitoring the situation amid reports that the attacks were carried out by a Russian-based cyber gang. She did, however, state that “the intelligence community has not yet attributed the attack… we will continue to allow that assessment to proceed.”
Psaki echoed President Joe Biden’s warning to his Russian counterpart, Vladimir Putin, that “if the Russian government cannot or will not take action against criminal actors residing in Russia, we will take action, or reserve the right to take action on our own.”
When asked about the incident on Tuesday, Biden stated that there appeared to be “minimal damage to US businesses” thus far, but that “we are still gathering information on the full extent of the attack.”
REvil, a group of Russian-speaking hackers known for their ransomware attacks, is widely suspected of being behind Friday’s attack. A post on Happy Blog, a site associated with the group on the dark web, claimed responsibility for the attack and said it had infected “more than a million systems.”
In exchange for the release of an online tool that would decrypt the stolen data, the hackers demanded $70 million in bitcoin.
While the hackers are thought to have been contacting individual victims and requesting smaller payments, the unprecedented demand for $70 million has analysts baffled.
According to French cybersecurity expert Robinson Delaugerre, REvil may be viewing the Kaseya attack as a final spectacular act before going out of business.
According to IBM’s Security X-Force unit, the group was responsible for approximately 29 percent of ransomware attacks in 2020, stealing an estimated $123 million.
The FBI believes REvil was also behind a ransomware attack on global meat-processing giant JBS last month, which resulted in an $11 million payment to the hackers.
In recent months, the United States has been a particular target of high-profile cyber attacks blamed on Russian-based hackers, with the Colonial oil pipeline and IT firm SolarWinds among the victims.