Up to 1,500 businesses around the world have been affected by a large-scale ransomware attack targeting a popular IT management tool from U.S. software vendor Kaseya. The targeted software, a tool called VSA, is widely used by IT service providers to manage the IT infrastructure of smaller firms, making it harder to gauge the total impact of Friday’s attack.
“To date, we are aware of fewer than 60 Kaseya customers, all of whom were using the VSA on-premises product, who were directly compromised by this attack. While many of these customers provide IT services to multiple other companies, we understand the total impact thus far has been to fewer than 1,500 downstream businesses,” Kaseya wrote in a statement on Monday, advising customers to keep VSA Servers offline until further notice.
According to a Reuters report, the attack paralyzed mostly small businesses around the world, with a Swedish supermarket chain forced to close hundreds of stores among the larger victims. The group claiming responsibility for the attack, a Russian-linked cyber crime collective called REvil, have demanded $70 million to restore the data they’re holding ransom, making it one of the largest ransomware attacks to date.
Ransomware attacks have become more common and increasingly costly over the past few years. According to Chainalysis, a blockchain data platform tracking cryptocurrency payments to known ransomware addresses, victims paid more than $400 million in ransom last year, marking a 337-percent jump from the 2019 total. “2020 will forever be known as the year of Covid, but when it comes to crypto crime, it’s also the year that ransomware took off,” Chainalysis writes in its 2021 Crypto Crime Report. As the following chart shows, ransomware attacks show no signs of easing in 2021. In the first five months of the year, victims already transferred more than $80 million to cyber criminals, almost matching the total for the entire year of 2019.