The company whose software was targeted in the world’s largest ransomware attack revealed on Tuesday that less than 1,500 organisations appear to have been affected. However, cybersecurity experts believe the figure is low, and victims are still being identified.
According to prepared statement from Miami-based Kaseya, only roughly 800 to 1,500 of the estimated 800,000 to 1,000,000 largely small business – customers of these companies that use its software to manage IT infrastructure – were hit by the attack.
After the White House shared the report with media outlets, it received a lot of attention.
However, cybersecurity experts said it was too early for Kaseya to know the full extent of Friday’s attack, especially given it was carried out by the Russia-linked REvil gang on the eve of the U.S. Fourth of July holiday, and many targets may only learn about it when they return to work on Tuesday.
The majority of the more than 60 Kaseya customers affected, according to company spokeswoman Dana Liedholm, are Managed Service Providers (MSPs) with many customers downstream.
Jake Williams, Chief Technical Officer (CTO) of the cybersecurity firm BreachQuest, said “Given the relationship between Kaseya and MSPs, it’s not clear how Kaseya would know the number of victims impacted. There is no way the numbers are as low as Kaseya is claiming though,”
VSA, the compromised Kaseya tool, manages client networks remotely by automating security and other software updates. To put it another way, it was cleverly distributed using a tool designed to secure networks against malware.
“It’s too soon to tell, since this entire incident is still under investigation,” said Sophos, a cybersecurity firm that has been closely following the incident. Kaseya’s insight into damaged managed service providers was questioned by it and other cybersecurity firms. Sophos and other cybersecurity firms expressed that they had doubts whether Kaseya had visibility into compromised managed service providers.
According to Sophos, the current attack reportedly targeted a wide range of organisations and public agencies across the globe, including those in financial services, travel and leisure, and the public sector – though few large organisations.