New York (AFP)

The cyberattack that hit US company Kaseya and its customers since Friday is of such magnitude that it may be impossible to respond to all victims individually, the FBI warned on Sunday.

The White House's senior cybersecurity adviser said in a statement that the FBI (Federal Police) and the US Cybersecurity and Infrastructure Security Agency (CISA) would "contact the identified victims to provide them with assistance. based on an assessment of the risk to the nation ".

Hackers attacked Kaseya on Friday, just before a long weekend in the United States, to demand ransom from potentially hundreds, if not thousands, of businesses through its IT management software.

US President Joe Biden said on Saturday he had ordered an investigation, including whether or not the attack came from Russia.

For now, "we are not sure yet," he said at the time.

The FBI is working with other agencies "to understand the scale of the threat."

"If you believe that your systems have been compromised, we encourage you to use all recommended measures and follow Kaseya's advice to immediately shut down your servers (related to the attacked software) and report to the FBI," the report said. American police in a Sunday message.

"Although the scale of this incident may prevent us from responding to each victim individually, all the information we receive will be useful in countering this threat," the FBI also stressed.

It is difficult to estimate the extent of this attack by ransomware, or "ransomware," a type of computer program that paralyzes a company's computer systems and then demands a ransom to unblock them.

Based in Miami, Kaseya sells IT tools to businesses, including VSA software for managing networks of servers, computers and printers from a single source.

It claims more than 40,000 customers.

According to Kaseya, "only a very small number of customers using the software on their devices" were affected.

The company evaluated this figure on Friday at less than 40 customers.

But some of them have many clients themselves and the attack quickly escalated.

- At least 17 countries -

In a new message on Sunday, the company said it was working around the clock, "in all geographies," to resolve the issue and restore service.

She had to decide during a meeting on the night from Sunday to Monday whether she would restore activity by Monday for customers using her software remotely.

At the same time, Kaseya continues to work on a cure for customers using her software directly on their devices.

Kaseya hired cybersecurity firm FireEye Mandiant IR to help manage the crisis.

The computer security company ESET Research had, on Saturday, identified victims in 17 countries around the world.

The attack has already led to the temporary closure on Saturday of several hundred stores of a large supermarket chain in Sweden, with cash registers no longer able to function.

# photo1

The assault began Friday, "when many companies had staff already on leave or preparing for a long weekend," said the specialist firm Sophos in a message.

According to several experts, it was carried out by an affiliate of the hacker group known as REvil.

The latter creates computer programs to attack companies and individuals, which he shares with affiliates who carry out the attack themselves and then share the ransoms.

According to Sophos, the hackers used a loophole in Kaseya's software update system.

They encrypted the data of the affected companies without seeking to exfiltrate it but demand a ransom to unblock it.

Ransomware attacks have become frequent and the United States has been particularly hit in recent months by attacks affecting large companies such as the meat giant JBS and the oil pipeline operator Colonial Pipeline, as well as local communities and companies. hospitals.

© 2021 AFP