Between 800 and 1,500 businesses around the world were compromised or affected by a cyberattack on Friday that security experts said could be the largest attack in history using ransomware, in which hackers shut down systems until a ransom is paid.
“This is the worst ransomware incident to date, but if we don’t take action, the worst is yet to come,” said Kyle Hanslovan, the chief executive of the cybersecurity firm Huntress Labs.
Hackers compromised Kaseya, a Miami-based software maker that provides technology services to tens of thousands of organizations around the world. Many of its customers are so-called managed service providers, which in turn provide security and tech support to other companies and collectively reach millions of businesses.
“It totally sucks,” Fred Voccola, Kaseya’s chief executive, said in a video posted on YouTube early Tuesday, addressing the company’s customers. “If I was you, I’d be very, very frustrated, and you should be.”
He said Kaseya was working with the F.B.I., the Department of Homeland Security and the White House to address the issue.
About 50 of Kaseya’s direct customers were compromised when it was breached, Mr. Voccola said, including dozens of managed service providers.
A Russia-based cybercriminal organization known as REvil took credit on Sunday for the attack, boasting about it on its site — called “Happy Blog” — on the dark web. Some victims were being asked for $5 million in ransom, Huntress Labs said.
Brett Callow, a threat analyst for the cybersecurity firm Emsisoft, said REvil was also asking for $45,000 in cryptocurrency for each computer system a victim wanted restored.
REvil also said it would publish a tool that would allow all infected companies to recover their data if it were paid $70 million in Bitcoin.
“If you are interested in such a deal, contact us,” the group wrote, adding that it had provided a way for victims to contact the organization.
Jack Cable, a security researcher for Krebs Stamos Group, said he had reached out to REvil over the weekend and the group said it was willing to negotiate. It offered to slash the price for the tool to $50 million in Bitcoin, he said.
Jen Psaki, the White House press secretary, said during a news conference on Tuesday that “we advise against companies paying ransomware, given that it incentivizes bad actors to repeat this behavior.”
Ms. Psaki said American national security officials had been in touch with Russian government officials over the attack. When President Biden met with President Vladimir Putin of Russia in Geneva last month, he demanded that Russia rein in ransomware attacks, which have become increasingly common in recent months. The F.B.I. said REvil was behind the hacking of the world’s largest meat processor, JBS, in May.
“If the Russian government cannot or will not take action against criminal actors residing in Russia, we will take action, or reserve the right to take action, on our own,” Ms. Psaki said.
The Kaseya cyberattack has had cascading effects around the globe, touching companies in more than a dozen countries, including the United States, Germany, Australia and Brazil. In Sweden, the grocery retailer Coop was forced to close more than 800 stores Saturday, and each location had to be visited to fix the problems caused by the hack. A Swedish railway and a pharmacy chain were also affected, security researchers said.
Mr. Voccola said such an attack was bound to happen.
“Even the best defenses in the world get scored upon,” he said.
A common refrain he has heard from government officials and security experts, he said, was that when it comes to cyberattacks, “it’s not a matter of if, it’s a matter of when.”
