A ransomware attack disclosed last week by a Miami-based software provider spread to customers in six European countries, a company official said Thursday, showing how a hack targeting digital supply chains can quickly extend across industries and international borders.
A criminal hacking group used a Kaseya Ltd. product as a springboard to reach nearly 60 of the firm’s clients on July 2, the company said, launching a sprawling ransomware attack. After reaching those customers’ networks, hackers then jumped to their clients’ computer systems and locked up data of between 800 and 1,500 total victims, many of them small businesses.
Eight of Kaseya’s affected customers are in European countries, including the U.K., Netherlands, Germany, Sweden, Norway and Italy, said
president of the company’s Europe, Middle East and Africa unit. Cybersecurity experts say the tactics used to target the firm represent an escalation in the global ransomware boom and present new questions for businesses and policy makers racing to respond.
Mr. Kirby, speaking Thursday at a virtual event hosted by the Centre for Cyber Security Belgium, the country’s cyber authority, said Kaseya was a particularly appealing target because many of its customers are also technology-service providers with broad client bases of their own.
“You attack a company, you get into that company,” he said, adding that Kaseya’s own systems are secure. “You attack a service provider, you get into all their customers. You attack Kaseya, that’s a very different proposition.”
Kaseya said Thursday that it expects to release a patch for the software bug used by hackers to access its virtual system administrator product by Sunday…