The company whose software was exploited in the largest ransomware attack on record said on Tuesday that so far it appears less than 1,500 businesses were compromised.
But cyber security experts suspected the estimate was low and said the victims were still being identified.
Miami-based Casia said in a prepared statement that it believes only 800 to 1,500 out of an estimated 800,000 to 1,000,000 small businesses — customers of companies using its software to manage IT infrastructure — were affected by the attack. were affected.
The statement was widely reported after the White House shared it with media outlets.
However, cybersecurity experts said it was too early for Kasia to know the true impact of Friday’s attack, especially since it was launched on the eve of the US Fourth of July holiday by the Russia-linked Révil gang and targeted multiple targets only. can search for it. Returning to work on Tuesday.
Read also: The fallout from the largest global ransomware attack continues
More than 60 Kasia customers who were affected in an email Sunday, said company spokeswoman Dana Lidholm, are managed service providers (MSPs) that have many customers downstream.
“Given the relationship between Kassia and MSP, it is unclear whether Kasya will know about the number of victims affected. Kasya is claiming that the numbers are as high,” said Jake Williams, chief technical officer at cybersecurity firm BreachQuest. is not less.”
Hacked Kasia Tool, VSA, maintains customer networks remotely, automates security and other software updates. Essentially, a device designed to protect the network from malware was cleverly used to distribute it.
too soon to tell
Cyber security firm Sophos said, “It is too early to tell, as the entire incident is still under investigation.” It and other cybersecurity organizations questioned whether Kasia had visibility into crippled managed service providers.
In an interview with The Associated Press on Sunday, Kasia CEO Fred Voccola estimated the number of victims in the “low thousands”. An unnamed German IT services company told authorities on Sunday that several thousand of its customers had been compromised, German news agency DPA reported on Sunday. Two Dutch IT services companies were also among the reported victims.
Sophos said a wide range of businesses and public agencies were affected by the latest attack, apparently on all continents, including financial services, travel and leisure and the public sector – though some large companies.
Ransomware criminals infiltrate networks and sow malware that paralyzes them by scouring all their data. On payment the victims get a decoder key. Most ransomware victims do not publicly report attacks or disclose whether they have paid the ransom.
President Joe Biden said on Saturday he ordered a “deep dive” by US intelligence into the attack and that the US would respond if the Kremlin was involved.
.