State-backed Kaseya hit with €59m ransomware demand

Ireland Strategic Investment Fund is among the US company’s many backers

The disruption has been felt more keenly in Sweden, where hundreds of supermarkets had to close because their cash registers were inoperative. Photograph: iStock
The disruption has been felt more keenly in Sweden, where hundreds of supermarkets had to close because their cash registers were inoperative. Photograph: iStock

Hackers claiming to be behind a major ransomware attack on State-backed technology company Kaseya are demanding $70 million (€ 59.1 million)to restore affected data.

The company, in which the Ireland Strategic Investment Fund (ISIF) is an investor, has said between 800 and 1,500 businesses globally have been affected by th attack.

Fred Voccola, the Florida-based company's chief executive, said in an interview that it was hard to estimate the precise impact of Friday's attack because those hit were mainly customers of Kaseya's customers.

Kaseya is a company which provides software tools to IT outsourcing shops: companies that typically handle back-office work for companies too small or modestly resourced to have their own tech departments.

READ MORE

One of those tools was subverted on Friday, allowing the hackers to paralyse hundreds of businesses on all five continents. Although most of those affected have been small concerns – like dentists’ offices or accountants – the disruption has been felt more keenly in Sweden, where hundreds of supermarkets had to close because their cash registers were inoperative, or New Zealand, where schools and creches were knocked offline.

State investment

ISIF invested €19 million in Kaseya in 2018 as part of a larger fundraise for the company. In return for the investment, Kaseya located its international headquarters in Dublin and announced plans to create more than 100 jobs and to partake in a collaboration with third-level institutions.

ISIF does not use the company’s technology and there is no indication at this point that any Irish organisations are impacted by the recent attack.

The hackers who claimed responsibility for the breach have demanded $70 million to restore all the affected businesses’ data, although they have indicated a willingness to temper their demands in private conversations with a cybersecurity expert and with Reuters.

“We are always ready to negotiate,” a representative of the hackers told Reuters earlier on Monday. The representative, who spoke via a chat interface on the hackers’ website, didn’t provide their name.

Mr Voccola refused to say whether he was ready to take the hackers up on the offer.

“I can’t comment ‘yes,’ ‘no,’ or ‘maybe’,” he said when asked whether his company would talk to or pay the hackers. “No comment on anything to do with negotiating with terrorists in any way.”

Mr Voccola said he had spoken to officials at the White House, the Federal Bureau of Investigation, and the Department of Homeland Security about the breach but declined to say what they had told him about paying or negotiating.

On Sunday the White House said it was checking to see whether there was any “national risk” posed by the ransomware outbreak but Mr Voccola said that – so far – he was not aware of any nationally important organisations being hit.

“We’re not looking at massive critical infrastructure,” he said. “That’s not our business. We’re not running AT&T’s network or Verizon’s 911 system. Nothing like that.”

Because Mr Voccola’s firm was in the process of fixing a vulnerability in the software that was exploited by the hackers when the ransomware attack was executed, some information security professionals have speculated that the hackers might’ve been monitoring his company’s communications from the inside.

Mr Voccola said neither he nor the investigators his company had brought in had seen any sign of that.

Some experts believe the full fallout from the hack will come into focus on Tuesday, when Americans return from their July Fourth holiday weekend. Beyond the United States, the most notable disruption occurred in Sweden – where hundreds of Coop supermarkets had to shut their doors because their cash registers were inoperative – and in New Zealand, where 11 schools and several kindergartens were affected.

In their conversation with Reuters, the hackers’ representative described the disruption in New Zealand as an “accident”.

But they expressed no such regret about the disruption in Sweden.

The supermarkets’ closure was “nothing more than a business”, the representative said.

About a dozen different countries have had organisations affected by the breach in some way, according to research published by cybersecurity firm Eset.

– Additional reporting: Reuters

Charlie Taylor

Charlie Taylor

Charlie Taylor is a former Irish Times business journalist