Between 800 and 1,500 businesses around the world have been affected by a ransomware attack centered on U.S. information technology firm Kaseya, its chief executive said Monday.
Fred Voccola, the Florida-based company's CEO, said in an interview that it was hard to estimate the precise impact of Friday's attack because those hit were mainly customers of Kaseya's customers.
Kaseya provides software tools to information technology outsourcing shops: companies that typically handle back-office work for companies too small or modestly resourced to have their own tech departments.
One of those tools was subverted Friday, allowing the hackers to paralyze hundreds of businesses on five continents. Although most of those affected have been small concerns such as dentists' offices or accountants, the disruption has been felt more keenly in Sweden, where hundreds of supermarkets had to close because their cash registers were inoperative, or New Zealand, where schools and kindergartens were knocked offline.
The hackers who claimed responsibility for the breach have demanded $70 million to restore all the affected businesses' data, although they have indicated a willingness to temper their demands in private conversations with a cybersecurity expert and with Reuters.
"We are always ready to negotiate," a representative of the hackers told Reuters earlier Monday. The representative, who spoke via a chat interface on the hackers' website, didn't provide their name.
Voccola refused to say whether he was ready to take the hackers up on the offer.
"I can't comment yes, no or maybe," he said when asked whether his company would talk to or pay the hackers. "No comment on anything to do with negotiating with terrorists in any way."
Voccola said he had spoken to officials at the White House, the FBI and the Department of Homeland Security about the breach, but so far, he was not aware of any nationally important business being affected.
"We're not looking at massive critical infrastructure," he said. "That's not our business. We're not running AT&T's network or Verizon's 911 system. Nothing like that."
Because Voccola's firm was in the process of fixing a vulnerability in the software that was exploited by the hackers when the ransomware attack was executed, some information security professionals have speculated that the hackers might've been monitoring his company's communications from the inside.
Voccola said neither he nor the investigators his company had brought in had seen any sign of that.
"We don't believe that they were in our network," he said. He added that the details of the breach would be made public "once its 'safe' and OK to do that."
About a dozen different countries have been affected by the breach, according to research published by cybersecurity firm ESET.