Possibly hundreds of IT company clients affected by international cyberattack

Possibly hundreds of companies in the Netherlands may have fallen victim to an international ransomware attack carried out by Russian hackers on Friday, NOS reported. It appears that the attack was carried out by the Russian-affiliated REvil group which the FBI also blamed for the attack on the Brazilian meat processor JBS two months prior.

The hackers carried out their ransomware attack via software from Kaseya. IT companies use Kaseya to remotely manage their customers’ computer systems.

 In any case, customers of the IT company VelzArt in Waardenburg were hit in the cyberattack. VelzArt has hundreds of clients. The businesses have been warned that their computers may have been infiltrated on Friday evening between 6 and 10 p.m. They were advised to turn off their devices. A VelzArt employee said that the impact had been enormous: “We have been extremely busy and are being flooded with calls.”

The technical service provider Hoppenbrouwers in Udenhout was also targeted in the attack. Action was quickly taken, yet damage had already been done. Ten percent of the 1,500 computers owned by the company were infected. “Action was not taken quickly enough but in time so that we could still steer the ship in the right direction”, the director of Hoppenbrouwers, Henny de Haas said. “It happened in a very slick way”, the director noted.

At least three other service providers in the Netherlands work with the same software. It is unknown whether two of them were affected by the attack. The third provider, Xantion, found no evidence of malware. "We do not know yet for sure, so the server remains off", director of Xantion, Peter Oelen said.

According to Oelen, the large-scale cyberattack represented a new level of cybercrime. Normally, only one company at a time is hit. In this instance, the hackers were able to target many more victims through the servers of service companies. "While you're normally talking about one bullet to one company, here you see an atomic bomb that could potentially destroy thousands of companies in one swoop", Oelen said. Hundreds of companies in the United States and possibly also other countries were targeted.

Mark Loman from the security firm Sophos said it is likely more companies were affected by the attack. “We have a very limited overview of it. If you look at the companies where we have offered protection and we extrapolate that, I think tens of thousands of companies have been affected.” How many companies exactly were hit, may never be clear, according to Loman. “Much remains invisible because many companies do not report it.”

The incident bears resemblance with an attack on the Danish transport company Maersk in 2017 that cost the company around 200 million euros.