By Raphael Satter
WASHINGTON (Reuters) – The ransomware attacks on hundreds of businesses that were centered on Florida IT firm Kaseya were never a threat to U.S. critical infrastructure, the company said on Tuesday.
In a statement that was also forwarded to reporters by the U.S. National Security Council, Kaseya “this attack was never a threat nor had any impact to critical infrastructure,” the statement said.
The hack that struck Kaseya’s clients – many of whom are back office IT shops commonly referred to as managed service providers – may not have had an impact on critical infrastructure in the United States, but the repercussions abroad have been serious.
In Sweden, many of the 800 grocery stores run by the Coop chain are still in the process of recovering from the attack that knocked out most of its supermarkets, with a spokesman telling Reuters “we have more open stores than closed ones now.”
In New Zealand, 11 schools and several kindergartens were affected.
Germany’s cybersecurity watchdog, BSI, said on Tuesday that it was aware of three IT service providers in Germany that have been affected, with a spokesperson estimating that several hundred companies were touched overall.
“In Germany there are no cases as prominent as the one in Sweden,” the spokesperson added.
The hackers who claimed responsibility for the breach have demanded $70 million to restore all the affected businesses’ data, although they have indicated a willingness to temper their demands in private conversations with a cybersecurity expert and with Reuters.
As ambitious at the attack on Kaseya was, hackers may have been casting their net even wider. IT services company SYNNEX Corp said in a statement Tuesday that “outside actors” had tried to win access to its customers through the company.
The statement said the attack “could potentially be in connection with the recent cybersecurity attacks of Managed Service Providers,” without providing further detail.
A spokeswoman for the group did not immediately return an email seeking further clarity on the attempted intrusion or its potential connection to Kaseya.
(Reporting by Raphael Satter; Douglas Busvine in Frankfurt and Johan Ahlander in Stockholm also contributed reporting. Editing by Kirsten Donovan and Alistair Bell)
