Fallout continues from the single largest ransomware attack to date, which has affected thousands of companies around the world.
Florida-based software vendor Kaseya says between 800 and 1,500 small and medium-sized businesses have been compromised in the most recent attack, which started Friday.
The U.S. National Security Council said the ransomware attack was never a threat to U.S. critical infrastructure, Reuters reported Tuesday.
Cyber experts believe an affiliate of the notorious Russia-linked gang REvil is responsible for this latest breach. They say hackers attacked through firms that remotely managed software infrastructures. The criminals essentially used a tool that helps protect against malware to spread their ransomware globally.
Thousands of business organizations – largely firms that remotely manage the IT infrastructure of others – were infected in at least 17 countries in Friday's assault. Sweden, the United Kingdom, South Africa, Canada, Argentina, Mexico, Indonesia, New Zealand and Kenya were among the countries affected.
Because the attack by the notorious REvil gang came just as a long Fourth of July weekend began, many more victims were expected to learn their fate when they returned to the office Tuesday.
The gang is the same group that extorted $11 million from the meat processor JBS last month.
REvil was seeking $5 million payouts from the so-called managed service providers that were its principal downstream targets in this attack, apparently demanding much less — just $45,000 — from their afflicted customers.
But late Sunday, REvil offered a universal decryptor software key for all affected machines in exchange for $70 million in cryptocurrency. Some researchers considered the offer a PR stunt, while others thought it indicated the criminals had more victims than they could manage.
Over the weekend, President Biden instructed the U.S. intelligence agencies to investigate the latest attack. In Geneva last month, Biden sought to pressure Russian President Vladimir Putin to end safe haven for REvil and other ransomware gangs that operate with impunity in Russia and allied states as long as they avoid domestic targets.
"And if it is, either with the knowledge of and/or a consequence of Russia, then I told Putin, 'We will respond'," Biden said.
The Russian government has denied any involvement in those attacks. The Kremlin says it hasn't received an inquiry from the U.S. government on this latest attack. Few analysts expect the Kremlin to crack down on a crime wave that benefits Putin's strategic objectives of destabilizing the West. The syndicates' extortionary attacks have worsened in the past year.
The FBI is asking companies affected by the ransomware to contact them. The agency also said in an earlier alert that the attack's scale "may make it so that we are unable to respond to each victim individually."