Hackers may have breached up to 1,500 businesses in what is being called the biggest ransomware attack yet, according to a Monday statement from Kaseya, a software vendor whose product for remote IT management was apparently exploited in the attack.
The hackers, believed to be affiliated with the group REvil, have made ransom demands of individual victims and have also offered to release a code that would unlock all compromised machines for $70 million. The group recently extracted an $11 million ransom from meat producer JBS after ransomware disrupted the company’s food production lines.
The attack appears to have mostly struck a small handful of companies that use hosted versions of Kayesa’s software. The problem is that many of those companies are themselves IT providers, meaning that their own customers were also affected. Kaseya has emphasized that there doesn’t seem to be an effect on critical infrastructure, as in the recent Colonial Pipeline hack that disrupted gasoline supplies, but that may be of little comfort to the businesses that were affected or their own customers.