AFP, published on Tuesday 06 July 2021 at 23:49
The American IT company Kaseya, victim of a ransomware attack that may have affected up to 1,500 companies worldwide, tried on Tuesday to restart its servers so that its thousands of customers could access their services online again.
Kaseya initially planned to restart its machines on Monday but several times postponed the moment when it thought this could be done safely.
The company, which provides IT services to some 40,000 companies in 20 countries around the world, says the assault it suffered on Friday affected fewer than 60 direct customers.
Adding the indirect victims, namely the customers of its customers, “we believe that less than 1,500 companies in total have been affected,” Kaseya said on its website late Monday evening.
“It seems that this has caused minimal damage to American companies,” said US President Joe Biden during a press briefing on Tuesday. His administration is “still in the process of gathering information on the extent of the attack,” he said, promising further details “in the days to come”.
Swedish supermarket chain Coop was among the indirect victims of the attack, its checkouts crippled when its IT contractor, Visma Esscom, was hit.
As of Tuesday morning, the majority of the approximately 800 Coop stores were still closed.
Ransomware attacks, in which a hacker encrypts a company’s data and demands a ransom to unlock it, have become common.
The United States has been hit particularly hard in recent months by attacks affecting large companies such as the meat giant JBS and the oil pipeline operator Colonial Pipeline, but also local communities and hospitals.
– Discussions between Moscow and Washington –
According to many experts, the hackers behind ransomware attacks are often based in Russia, and the one against Kaseya was carried out by an affiliate of the Russian-speaking hacker group known as REvil.
Because it gained leverage by targeting a company that provides IT services to many other companies, “this is probably the biggest ransomware attack of all time,” said Ciaran Martin, professor of cybersecurity at the University of Oxford.
A demand published on Sunday on the darknet blog “Happy Blog”, associated in the past with REvil, calls for the payment of a ransom of $70 million in bitcoins to make the decryption key public. The hackers claim to have reached “a million devices and networks”.
White House spokeswoman Jen Psaki said on Tuesday that, following a meeting between Presidents Joe Biden and Vladimir Putin on the subject in mid-June, discussions between high-level experts from the two countries have started.
A new meeting is planned in this context next week “which will be dedicated to ransomware attacks,” she added.
The administration’s message remains the same, said Psaki: “If the Russian government is unable or unwilling to take action against criminal actors residing in Russia, we will take action or reserve the right to take action ourselves.”
– Rat race –
The attack affected users of Kaseya’s VSA software designed to remotely manage networks of servers, computers and printers.
According to its latest message, posted around 4:00 p.m. GMT on Tuesday, the company planned to restart its servers, for customers using its software remotely, between 8:00 p.m. and 11:00 p.m. GMT.
It then intended to release a patch “within 24 hours” for customers using its software directly on their devices.
Jacques de La Rivière, managing director of the French cybersecurity firm Gatewatcher, wonders whether REvil has demanded a single ransom.
“The victims are never going to contribute to have the encryption key” and the hackers “will never have any remuneration” for this attack.
In his view, the authors of the attack may have acted “in haste” so as not to be overtaken by other hackers who were also aware of the flaw.
“As there are more and more players” looking to carry out ransomware attacks, given the profitability of these operations, “the guys are doing anything to be the first to exploit a loophole,” he said.