Hundreds of Businesses, From Sweden to U.S., Affected by Cyberattack

Asked about the cyberattack after he landed in Michigan on Saturday on a trip to celebrate Covid-19’s retreat in the United States, President Biden said he had been delayed in getting off the plane because he was being briefed about the attack. He said he had directed the “full resources of the federal government” to investigate. “The initial thinking was it was not the Russian government, but we’re not sure yet,” he said.

The attack became public on Friday, when Kaseya said that it was investigating the possibility that it had been the victim of a cyberattack. The company urged customers that use its systems management platform, called VSA, to immediately shut down their servers to avoid the possibility of being compromised by attackers.

“We are experiencing a potential attack against the VSA that has been limited to a small number of on-premise customers only,” Kaseya posted on its website, referring to organizations that keep their software at their own sites rather than housing it with a cloud provider. “We are in the process of investigating the root cause of the incident with the utmost vigilance.”

Fred Voccola, Kaseya’s chief executive, said in a statement on Saturday that less than 40 customers had been affected by the attack, but those customers include so-called managed service providers, which can each provide security and tech tools to dozens or even hundreds of companies.

That has magnified the attack’s severity, said John Hammond, a researcher at the cybersecurity company Huntress Labs.

Article source: https://www.nytimes.com/2021/07/02/technology/cyberattack-businesses-ransom.html