Kaseya said in a statement on Monday that approximately 50 of its direct customers were breached in the attack that began to unfold on Friday. But hundreds more companies were affected because many of Kaseya’s customers provide IT services to small businesses such as restaurants and accounting firms.
“Our global teams are working around the clock to get our customers back up and running,” Kaseya CEO Fred Voccola said in the statement. “We understand that every second they are shut down, it impacts their livelihood, which is why we’re working feverishly to get this resolved.”
Kaseya said that it has met with US government agencies including the FBI and the Cybersecurity and Infrastructure Security Agency (CISA). It said it had also engaged with the White House and cybersecurity firm FireEye Mandiant.
The White House on Sunday urged companies that believe their systems were compromised in the ransomware attack that targeted Kaseya to immediately report it to the Internet Crime Complaint Center.
Kaseya said that it had discussed “systems and network hardening requirements prior to service restoration” with the FBI and CISA. The company said that “a set of requirements” will be posted “to give our customers time to put these counter measures in place in anticipation of a return to service on July 6.”
An analysis of the malicious software by the cybersecurity firm Emsisoft shows that it was created by REvil, a ransomware gang which is believed to operate out of Eastern Europe or Russia.
In an interview with Reuters on Monday, Voccola would not say whether Kaseya will pay the hackers. “No comment on anything to do with negotiating with terrorists in any way,” he told Reuters.
Voccola also told Reuters he was not aware of any nationally important organizations being compromised in the attack. “We’re not looking at massive critical infrastructure,” he said. “That’s not our business. We’re not running AT&T’s network or Verizon’s 911 system. Nothing like that.”
— Brian Fung contributed to this report.