Fallout continues from biggest global Ransomware attack

The single biggest ransomware attack yet continued to bite Monday as more details emerged on how a Russia-linked gang breached the exploited software company. The criminals essentially used a tool that helps protect against malware to spread it globally.

Thousands of organizations — largely firms that remotely manage the IT infrastructure of others — were infected in at least 17 countries in Friday’s assault. Kaseya, whose product was exploited, said Monday that they include several just returning to work.

Because the attack by the notorious REvil gang came just as a long Fourth of July weekend began, many more victims were expected to learn their fate when they return to the office Tuesday.

REvil is best known for extorting $11 million from the meat processor JBS last month. Security researchers said its ability to evade anti-malware safeguards in this attack and its apparent exploitation of a previous unknown vulnerability on Kaseya servers reflect the growing financial muscle of REvil and a few dozen other top ransomware gangs whose success helps them afford the best digital burglary wares. Such criminals infiltrate networks and paralyze them by scrambling data, extorting their victims.