MIAMI — Hackers are demanding as much as $70 million from one of Miami’s oldest tech firms in a cyberattack that has reverberated around the world.
Kaseya, a provider of IT and security management software founded in 2001, notified the White House and federal authorities that a cyberattack was initiated against it last Friday. The White House issued a statement Sunday saying the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have been working with Kaseya and coordinating outreach to impacted victims.
According to Reuters, the attack has affected entities including hundreds of supermarkets in Sweden, whose cash registers were taken offline, and schools and kindergartens in New Zealand whose networks had Kaseya as their backbone.
“Our global teams are working around the clock to get our customers back up and running,” Kaseya CEO Fred Voccola said in a statement. “We understand that every second they are shut down, it impacts their livelihood, which is why we’re working feverishly to get this resolved.”
A Kaseya representative did not immediately respond to a request for comment.
Adam Meyers, senior vice president of intelligence at cybersecurity group CrowdStrike, said Kaseya is likely to suffer financial and even legal repercussions as a result of its software being compromised. Kaseya functions as the security firm that other IT firms, called managed-service providers, are supposed to rely on to avoid these kinds of incidents.
“A client is going to say, ‘We pay you for security and this happened,’ not, ‘Maybe next time do better.’ I do think there will be an impact from that (on Kaseya), and there’s potentially litigation that could come later. I imagine this will be something that goes on for awhile.”
The hackers, who have not identified themselves but who are believed to originate from Russia or Eastern Europe, are using software called REvil that encrypts files on an affected computer’s server and requires a decryption key to unlock them.
Reuters said the hacking group claiming responsibility has demanded $70 million to restore all the affected businesses’ data.
“We are always ready to negotiate,” a representative of the hackers told Reuters earlier this week.
A Biden administration spokeswoman said the president would expect Moscow to respond to any attacks emanating from Russia.
“As the president made clear to (Russian President Vladimir) Putin when they met, if the Russian government cannot or will not take action against criminal actors residing in Russia, we will take action — or reserve the right to take action — on our own,” said White House spokeswoman Jen Psaki.
The White House put out a statement Monday encouraging any company that believes it was affected by the hack to contact federal law enforcement authorities.
Psaki said the administration discourages all companies that are subjected to ransomware attacks from paying ransom to hackers.
“The attack over the weekend underscores the need for companies and government agencies, as well, to focus on improving cybersecurity,” Psaki said.
Meyers, the security analyst, said Kaseya could end up having to pay the ransom to obtain the key.
“I’ve seen large ransoms paid in the past,” he said. “If you fast forwarded a week and said, ‘Hey, they paid the ransom,’ I don’t think I would be surprised.”
In August 2019, Kaseya received a $500 million investment from San Francisco-based private equity group TPG, along with its current majority holder, New York-based venture and private equity group Insight Partners.
———
