By Raphael Satter
WASHINGTON (Reuters) – Ransomware-hit IT firm Kaseya said on Sunday it hired cybersecurity company FireEye Inc to help deal with the fallout of a major breach that has affected hundreds of businesses worldwide.
In a message https://www.kaseya.com/potential-attack-on-kaseya-vsa posted to its website, Miami-based Kaseya said its employees “have been actively engaged with FireEye and other security assessment firms” to investigate the attack, which struck on Friday and quickly spread across the globe.
FireEye confirmed to Reuters it was working with Kaseya.
The full impact of the intrusion at Kaseya is still coming into focus, in part because the affected Kaseya software tool is used by so-called managed service providers, outsourcing shops that other businesses use to handle their back-office IT work, like installing updates.
The Swedish Coop grocery store chain had to close hundreds of stores on Saturday because its cash registers are run by Visma Esscom, which manages servers for a number of Swedish businesses and in turn uses Kaseya.
One cybersecurity executive said his company alone had seen 350 customers attacked.
“The two biggest regions we’ve seen are USA and Germany,” said Ross McKerchar, chief information security officer at Sophos Group Plc
Targets included schools, small public-sector bodies, travel and leisure organizations, credit unions and accountants, he said.
McKerchar said the wave of intrusions was another illustration of how difficult it was for modestly sized businesses to beat back increasingly well-funded cybercriminal gangs.
“Small businesses are outgunned when it comes to cybersecurity,” he said.
(Reporting by Raphael Satter; Editing by Peter Cooney)
