The company whose software was exploited in the most significant ransomware attack on record said Tuesday that so far, it appears fewer than 1,500 businesses were compromised. But cybersecurity experts suspect the estimate is low and note that victims are still being identified. A couple of examples of the attack’s impact in the at least 17 countries affected: the weekend shuttering of most of the 800 supermarkets in the Swedish Coop chain because the malware crippled their cash registers, and the reported knocking offline of more than 100 New Zealand kindergartens.
Miami-based Kaseya said that it believes only about 800 to 1,500 of the estimated 800,000 to 1,000,000 end users of its software, primarily small businesses, were affected. They are customers of companies that use Kaseya’s virtual system administrator, or VSA, to fully manage their IT infrastructure.
However, cybersecurity experts said it is too early for Kaseya to know the true impact of Friday’s attack. They note that because the Russia-linked REvil gang launched it on the eve of the Fourth of July holiday weekend in the U.S., many targets may only be discovering it upon returning to work Tuesday.
Ransomware criminals infiltrate networks and sow malware that cripples them by scrambling all their data. Victims get a decoder key when they pay up. Most ransomware victims don’t publicly report attacks or disclose whether they’ve paid the ransom. In the U.S., disclosure of a breach is required by state laws when personal data that can be used in identity theft is stolen. Federal law mandates it when healthcare records are exposed.