Kaseya ransomware attack affected eight European customers
Image: Sean Pollock, The Record, Kaseya
Adam Janofsky July 8, 2021

Kaseya ransomware attack affected eight European customers

Kaseya ransomware attack affected eight European customers

Florida-based software vendor Kaseya said that eight of its direct customers in the European Union were successfully hit by the sprawling ransomware attack that took place last Friday.

Those organizations were based in the UK, the Netherlands, Germany, Sweden, Norway, and Italy, according to Ronan Kirby, Kaseya’s president and general manager for Europe, the Middle East, and Africa (EMEA). His comments were part of a talk he delivered Thursday at a quarterly cyber threat event hosted by the Centre for Cybersecurity Belgium (CCB), the country’s main digital security authority.

Although the identities of the victims have not been made public, Kirby said “Sweden is the one everyone knows of,” referring to Coop, one of Sweden’s largest supermarket chains that was forced to shut down hundreds of stores late last week.

The eight European organizations are just a small slice of the attack’s potential impact:

  • Kaseya has said it believes that around 60 of its direct customers were hit in the attack.
  • Because many of Kaseya’s customers are service providers, there could be between 800 and 1,500 downstream victims, Kirby said.
  • “The impact has varied widely,” Kirby added. “Some companies had disaster recovery-as-a-service systems in place… Unfortunately the impact for others has been much more widespread.”
  • Cybersecurity researchers have said that an affiliate of the REvil gang has been demanding ransom payments of up to $5 million.
  • The group is also offering a universal decryptor key for all affected machines in exchange for $70 million.
  • Kaseya engaged with CISA, the FBI, and the Department of Homeland Security when it discovered the hack, and had previous relationships with the agencies because of its status as critical infrastructure in the US, Kirby said.
  • The company itself is “focused on taking care of our customers” and other organizations that have been affected, he said.
  • There has been “no breach, hack, or penetration whatsoever” of Kaseya’s own systems, Kirby said.

Adam is the founding editor-in-chief of The Record by Recorded Future. He previously was the cybersecurity and privacy reporter for Protocol, and prior to that covered cybersecurity, AI, and other emerging technology for The Wall Street Journal.