Ransomware attack leaves companies scrambling

Cybersecurity teams worked feverishly Sunday to stem the impact of the single biggest global ransomware attack on record, with some details emerging about how the Russia-linked gang responsible breached the company whose software was the conduit.

An affiliate of the notorious REvil gang, best known for extorting $11 million from the meat-processor JBS after a Memorial Day attack, infected thousands of victims in at least 17 countries on Friday, largely through firms that remotely manage IT infrastructure for multiple customers, cybersecurity researchers said.

They reported ransom demands of up to $5 million.

A broad array of businesses and public agencies were hit by the latest attack, apparently on all continents, including in financial services, travel and leisure and the public sector — though few large companies, the cybersecurity firm Sophos reported.

CEO Fred Voccola of the breached software company, Kaseya, estimated the victim number in the low thousands, mostly small businesses like "dental practices, architecture firms, plastic surgery centers, libraries, things like that."

Voccola said in an interview that only between 50-60 of the company's 37,000 customers were compromised.

But 70% were managed service providers who use the company's hacked VSA software to manage multiple customers.

It automates the installation of software and security updates and manages backups and other vital tasks.

The FBI said in a statement Sunday that it was investigating the attack along with the federal Cybersecurity and Infrastructure Security Agency, though "the scale of this incident may make it so that we are unable to respond to each victim individually."

Ransomware criminals break into networks and sow malware that cripples networks on activation by scrambling all their data.

Victims get a decoder key when they pay up.

Experts say it was no coincidence that REvil launched the attack at the start of the Fourth of July holiday weekend, knowing U.S. offices would be lightly staffed.

Many victims may not learn of it until they are back at work on Monday.

The attack comes less than a month after U.S. President Joe Biden pressed Russian President Vladimir Putin to stop providing safe haven to REvil and other ransomware gangs whose unrelenting extortionary attacks the U.S. deems a national security threat.