Ransomware-hit IT firm Kaseya said it hired cybersecurity company FireEye to help deal with the fallout of a major breach that has affected hundreds of businesses worldwide.
In a message posted to its website, Miami-based Kaseya said its employees “have been actively engaged with FireEye and other security assessment firms” to investigate the attack, which struck on Friday and quickly spread across the globe.
FireEye confirmed to Reuters it was working with Kaseya.
The full impact of the intrusion at Kaseya is still coming into focus, in part because the affected Kaseya software tool is used by so-called managed service providers, outsourcing shops that other businesses use to handle their back-office IT work, like installing updates.
The Swedish Coop grocery store chain had to close hundreds of stores on Saturday because its cash registers are run by Visma Esscom, which manages servers for a number of Swedish businesses and in turn uses Kaseya.
One cyber security executive said his company alone had seen 350 customers attacked.
“The two biggest regions we’ve seen are USA and Germany,” said Ross McKerchar, chief information security officer at Sophos.
Targets included schools, small public-sector bodies, travel and leisure organisations, credit unions and accountants, he said.
McKerchar said the wave of intrusions was another illustration of how difficult it was for modestly sized businesses to beat back increasingly well-funded cyber criminal gangs.
“Small businesses are outgunned when it comes to cyber security,” he said.