US IT firm Kaseya says working to restart after hack
July 7, 2021
Kaseya, the US-based software company at the center of last week's major ransomware attack, said late on Tuesday that it was working toward restarting its servers.
The company was forced to further push back its forecast for restarting its cloud-based systems after an issue was discovered, Kaseya said in its latest update.
The hack that struck on Friday and crippled hundreds of businesses worldwide is believed to be the biggest ransomware attack on record.
REvil, a group of Russian-speaking hackers, took credit for the breach. They demanded $70 million (€59 million) in Bitcoin to publicly release what they described as a "universal decryptor."
"The enhanced security measures are currently being implemented and verified for proper operation," Kaseya said in a statement.
It added that its systems were being brought back with "the ability to quarantine and isolate files and entire ... servers" in case of infection.
The company told customers to keep their servers offline until they were assured by Kaseya that it was safe to restore operations.
"We have been advised by our outside experts, that customers who experienced ransomware and receive communication from the attackers should not click on any links — they may be weaponized," the company said.
'Minimal damage' to US companies
US President Joe Biden said the hack seemed to have inflicted only "minimal damage" on American businesses.
"But we're still gathering information to the full extent of the attack," Biden told reporters on Tuesday.
"I feel good about our ability to be able to respond," he said.
The attack affected users of Kaseya's signature VSA software, which is used to manage networks of computers and printers.
Many of its clients are back office IT shops or companies providing IT services for corporate customers.
The attack affected businesses in at least 17 countries, from pharmacies to gas stations as well as dozens of kindergartens in New Zealand.
In Sweden, about 800 supermarkets run by the Coop chain are still in the process of recovering from the attack.
Three IT service providers in Germany were also affected, according to Germany's information security agency BSI.
"In Germany there are no cases as prominent as the one in Sweden," the spokesperson said, but added that several hundred companies were affected overall.
adi/msh (AFP, Reuters)