WASHINGTON–Some credit unions are reportedly among the companies and organizations hit by a hacker gang’s ransomware attack over the Fourth of July weekend that reportedly has locked-up more than one-million individual devices.
The hackers are reportedly demanding $70 million in Bitcoin to free all the devices simultaneously.
Not all the specific institutions that have been affected, including credit unions, have been identified.
The White House said over the weekend it is in the process reaching out to victims of the wide-ranging ransomware outbreak that is reportedly centered on Miami-based Kaseya, an information technology company, which said fewer than 60 of its customers had been "directly affected" by the attack.
However, since many of Kaseya's customers are companies that manage internet services for other businesses, the number of victims is much larger than 60. NBC News reported that instead of locking an individual organization, as ransomware gangs usually do, the Russia-based cybergang believed to be behind the attack, REvil, this time locked each victim's computer as a standalone target, and initially asked $45,000 to unlock each specific one.
The Kaseya software tool commandeered by the cyber criminals is used by managed service providers, outsourcing shops that other businesses use to handle their back-office IT work, like installing updates.
FBI, DHS Involved
The White House said the FBI and the Department of Homeland Security's cyber arm are all involved in the response.
U.S. News & World Report said, “those affected included schools, small public-sector bodies, travel and leisure organizations, credit unions and accountants.”
The cybersecurity firm Huntress, which is helping Kaseya's response, said it is aware of more than 1,000 individual businesses that have been affected so far, it said. Beyond the U.S., the attack has affected organizations in other countries, including Germany and New Zealand, where schools have been hit.
Coincidentally, the Swedish Coop grocery store chain had to close hundreds of stores because its cash registers are run by Visma Esscom, which manages servers for several Swedish businesses and in turn uses Kaseya.
One analyst said the attack is another illustration of how difficult it is for modestly sized businesses to beat back increasingly well-funded cyber-criminal gangs.
"Small businesses are outgunned when it comes to cybersecurity," the analyst said.