Businesses around the world rushed Saturday to contain a ransomware attack that has paralyzed their computer networks, a situation complicated in the U.S. by offices lightly staffed at the start of the Fourth of July holiday weekend.
It's not yet known how many organizations have been hit by demands that they pay a ransom in order to get their systems working again. But some cybersecurity researchers predict the attack targeting customers of software supplier Kaseya could be one of the broadest ransomware attacks on record.
One company affected by the attack is Transdev North America, which contracts with Napa Valley Transportation Authority (NVTA). NVTA Executive Director Kate Miller confirmed Saturday that some services were briefly disrupted following the Friday attack, but services were fully back online by 11 a.m. Saturday.
"Transdev prioritized restoring systems on the Vine services because so much of its service is on-demand," Miller said in an email on Saturday. "For that, NVTA is enormously grateful."
Miller said the Vine On Demand services, which include City of Napa transportation, American Canyon Shuttle, Calistoga Shuttle, St. Helena Shuttle, Yountville Trolley and VineGo, were affected. Vine Express Bus and fixed-route services were not affected.
Miller said the NVTA phone systems were down for nearly 24 hours, but customers were still able to use the Ride The Vine app to request a ride. NVTA also set up an alternative phone number for customers to use to contact the NVTA ticket office.
"Rider alerts were issued immediately after NVTA was notified by Transdev," Miller said via email. "Information was also pushed out on social media sites and on 511.org.
"I’m thankful we had no major service disruption and that NVTA staff was able to communicate on so many platforms to let riders know of the disruption. Special thanks to NVTA PIO Robin Craig and MTC/511.org staff Janet Banner for getting the word out so quickly."
Friday's ransomware attack follows a scourge of headline-grabbing attacks over recent months that have been a source of diplomatic tension between U.S. President Joe Biden and Russian President Vladimir Putin over whether Russia has become a safe haven for cybercriminal gangs.
Biden said Saturday he didn't yet know for certain who was responsible but suggested that the U.S. would respond if Russia was found to have anything to do with it.
“If it is either with the knowledge of and or a consequence of Russia then I told Putin we will respond,” Biden said. “We’re not certain. The initial thinking was it was not the Russian government.”
Cybersecurity experts say the REvil gang, a major Russian-speaking ransomware syndicate, appears to be behind the attack that targeted the software company Kaseya, using its network-management package as a conduit to spread the ransomware through cloud-service providers.
“The number of victims here is already over a thousand and will likely reach into the tens of thousands,” said cybersecurity expert Dmitri Alperovitch of the Silverado Policy Accelerator think tank. “No other ransomware campaign comes even close in terms of impact.”
The cybersecurity firm ESET says there are victims in at least 17 countries, including the United Kingdom, South Africa, Canada, Argentina, Mexico, Kenya and Germany.
Kaseya CEO Fred Voccola said in a statement that the company believes it has identified the source of the vulnerability and will “release that patch as quickly as possible to get our customers back up and running.”
Voccola said fewer than 40 of Kaseya’s customers were known to be affected, but experts said the ransomware could still be affecting hundreds more companies that rely on Kaseya’s clients that provide broader IT services.
Napa Valley Register reporter Samie Hartley contributed to this report.
AP reporters Frank Bajak in Boston, Eric Tucker in Washington and Josh Boak in Central Lake, Michigan contributed to this report.