A Maryland town was taken offline last week during the massive ransomware attack on Miami-based technology firm Kaseya.
The Washington Post reported Thursday that Leonardtown in Southern Maryland fell victim to the cyberattack, with town administrator Laschelle McKay first learning of the problem when she logged on Friday.
“Everything shut down,” McKay said. “You couldn’t open any document, you’re completely locked from all your files.”
The town's IT management company JustTech is a client of Kaseya's and uses products that had been affected by the hack, the Post reported.
In emails sent by JustTech to Leonardtown, the company said neither of its “servers nor your network were directly hacked or breached. The intrusion came through the remote monitoring and security software we utilize from an industry leading provider.”
McKay told the Post that Leonardtown had been informed by JustTech that the ransomware gang REvil was demanding $45,000 per computer, but the town's government never seriously considered paying. They are instead proceeding to attempt to get back online through computer backups.
All but two of the town's 19 computers were affected -- a computer used by an employee who was on vacation was unaffected, along with an older computer that had been left at an employee's home.
JustTech has said it will be able to restore the town's system, the Post reported, but it is unclear how long this will take as the IT company itself was impacted by the breach.
The REvil ransomware gang, also known as Sodinokibi, has demanded $70 million in total in exchange for the data it is currently holding hostage. Kaseya has so far not said whether it plans on paying the ransom. Thousands of tech companies around the world who were clients of Kaseya have been affected by the breach, with businesses, schools and public sector entities all being impacted.
The Dutch Institute for Vulnerability Disclosure revealed this week that it had detected multiple vulnerabilities in Kaseya's system earlier in April, with one of the vulnerabilities ultimately being exploited by the hackers. The organization did not publicly reveal their discovery at the time, fearing it would invite the type of attack that occurred last week as they worked on a patch for the vulnerability.