Criminals unleashed a massive ransomware attack in more than a dozen countries on Friday, affecting up to 1,500 organizations around the world, including a supermarket chain in Sweden and schools in New Zealand.
Security researchers linked the attack to a group called REvil, a Russian-speaking gang responsible for a ransomware attack on meat processor JBS at the end of May.
In the current incident, the attackers found a vulnerability in the product of Kaseya, a U.S.-headquartered company that provides software tools to its clients — IT outsourcing companies — which in turn provide services to their clients. Kaseya estimates that as many as 1,500 “downstream" businesses were affected.
Hackers have demanded $70 million in cryptocurrency in exchange for a key that decrypts all of the victims' data.
“The scale and scope of this attack is really unprecedented," cybersecurity expert Dmitri Alperovitch tells NPR.
Most of the affected organizations are small and medium businesses, such as dentist offices, car dealers, libraries, schools and grocery stores, says Alperovitch, chairman of the nonprofit group Silverado Policy Accelerator and a co-founder of CrowdStrike, a cybersecurity company.
The origin of the attack is still under investigation. But just last month at a summit with Russian President Vladimir Putin, President Biden warned the Russian leader that the U.S. would respond if the Russian government continued to allow cybercriminals to attack targets in the U.S.