The FBI said Sunday the “scale” of a major ransomware attack against a US IT company could mean investigators won’t be able to work with every victim individually.
Hackers hit Kaseya, a firm that provides IT services to other companies, with a ransomware attack that could have targeted as many as 1,000 other businesses on Friday, just before the long holiday July 4 weekend in the US.
The FBI said it had opened an investigation along with the Cybersecurity and Infrastructure Security Agency and other US federal agencies “to understand the scope of the threat”.
“If you believe your systems have been compromised, we encourage you to employ all recommended mitigations, follow Kaseya’s guidance to shut down your VSA servers immediately and report to the FBI,” the bureau said in a statement Sunday, referencing the signature networking software that was attacked.
“Although the scale of this incident may make it so that we are unable to respond to each victim individually, all information we receive will be useful in countering this threat,” the FBI statement said.
President Joe Biden said Saturday that he had ordered an investigation, in particular to find out whether the assault had come from Russia.
“We’re not sure yet,” he said Saturday.
Russian-based hackers have been blamed for a string of ransomware attacks, and Biden recently raised the threat in talks with Russian counterpart Vladimir Putin.
Ransomware attacks typically involve locking away data in systems using encryption, making companies pay to regain access.
Kaseya describes itself as a leading provider of IT and security management services to small and medium-sized businesses. VSA is designed to let companies manage networks of computers and printers from a single point.
The company said in a new statement Sunday that they were working “around the clock in all geographies” to get their systems working again.
They said they hoped to get a restricted version of their platform running again within days.
The disruption forced Swedish supermarket chain Coop Sweden to close on Saturday because their cash register system had been taken down in the attack.
Multiple US companies, including the computer group SolarWinds and the Colonial oil pipeline, have also recently been targeted by ransomware attacks.