The FBI said Sunday the “scale” of a major ransomware attack against a US IT company could mean investigators won’t be able to work with every victim individually.
Hackers hit Kaseya, a firm that provides IT services to other companies, with a ransomware attack on Friday that could have targeted as many as 1,000 other businesses, just before the long July 4 holiday weekend in the United States.
The FBI said it had opened an investigation along with the Cybersecurity and Infrastructure Security Agency and other US federal agencies “to understand the scope of the threat.”
“If you believe your systems have been compromised, we encourage you to employ all recommended mitigations, follow Kaseya’s guidance to shut down your VSA servers immediately and report to the FBI,” the bureau said in a statement Sunday, referencing the signature networking software that was attacked.
“Although the scale of this incident may make it so that we are unable to respond to each victim individually, all information we receive will be useful in countering this threat,” the FBI statement said.
President Joe Biden said Saturday that he had ordered an investigation, in particular, to find out whether the assault had come from Russia.
“We’re not certain” who is behind Friday’s attack, Biden said. “The initial thinking was it was not the Russian government, but we’re not sure yet.” He added that the US would respond if it determines that Russia is to blame.
Russian-based hackers have been blamed for a string of ransomware attacks, and Biden recently raised the threat in talks with Russian counterpart Vladimir Putin.
Ransomware attacks typically involve locking away data in systems using encryption, making companies pay to regain access.
Kaseya describes itself as a leading provider of IT and security management services to small and medium-sized businesses. VSA is designed to let companies manage networks of computers and printers from a single point.
In a new statement Sunday, the company said that they were working “around the clock in all geographies” to get their systems working again.
They said they hoped to get a restricted version of their platform running again within days.
Multiple US companies, including the computer group SolarWinds and the Colonial oil pipeline, have also recently been targeted by ransomware attacks.
Last month, the DOJ announced that they would start prioritizing ransomware attacks at the same level as terrorist attacks.