Cyber Attack Infects 40,000 Computers, Ransom Demands Up to $5 Million

REvil, the same group that collected an $11 million ransom payment from meat producer JBS SA about a month ago, is back at it this weekend.

The WSJ reports Ransomware Group’s Attack Likely Hits Thousands of New Targets.

REvil is a well-known purveyor of ransomware—malicious software that locks up a victim’s computer until a digital ransom is paid, typically in the form of bitcoin. This latest attack appears to be its largest ever. The incident may have infected as many as 40,000 computers world-wide, according to cybersecurity experts.

Upon learning of the attack Friday, Kaseya immediately shut down its servers and began warning customers, the company said. Friday evening it said only customers running the software on their own servers, rather than users of Kaseya’s online service, appeared to have been affected. In an update Saturday morning, the company recommended that users of its software keep those products offline until further notice. The company also is keeping its own cloud-based services offline until it determines that it can safely restart them, Kaseya said.

Most of the customers of these providers are small and midsize organizations, said Kyle Hanslovan, chief executive of the security firm Huntress. While the cause of the attack is still being investigated, it is “very likely there is some vulnerability or a flaw that is being mass-exploited in VSA,” Mr. Hanslovan said.

About a month ago, a REvil attack temporarily knocked out plants that process one-fifth of the U.S. meat supply. JBS’s U.S. unit paid $11 million in ransom to the attackers, according to a company executive.

Ransom Demands Up to $5 Million

The New York Times reports Hundreds of Businesses, From Sweden to U.S., Affected by Cyberattack.

In Sweden, a grocery chain temporarily closed its doors after the attack. Some companies have been asked for $5 million in ransom.

In Sweden, the grocery retailer Coop was forced to close at least 800 stores on Saturday, according to Sebastian Elfors, a cybersecurity researcher for the security company Yubico. Outside Coop stores, signs turned customers away: “We have been hit by a large IT disturbance and our systems do not work.”

Mr. Elfors said a Swedish railway and a major pharmacy chain had also been affected by the Kaseya attack. “It’s totally devastating,” he said.

“What makes this attack stand out is the trickle-down effect, from the managed service provider to the small business,” Mr. Hammond said. “Kaseya handles large enterprise all the way to small businesses globally, so ultimately, it has the potential to spread to any size or scale business.”

Some of the affected companies were being asked for $5 million in ransom, Mr. Hammond said. Thousands of companies were at risk, he said.

Kaseya VSA Claims

It seems Kaseya had more than a bit of a problem meeting its vulnerability management marketing claims.