Between 800 and 1,500 businesses around the world were compromised or affected by a cyberattack on Friday that security experts said could be the largest attack in history using ransomware, in which hackers shut down systems until a ransom is paid.
“This is the worst ransomware incident to date, but if we don’t take action, the worst is yet to come,” said Kyle Hanslovan, the chief executive of the cybersecurity firm Huntress Labs.
Hackers compromised Kaseya, a Miami-based software maker that provides technology services to tens of thousands of organizations around the world. Many of its customers are so-called managed service providers, which in turn provide security and tech support to other companies and collectively reach millions of businesses.
“It totally sucks,” Fred Voccola, Kaseya’s chief executive, said in a video posted on YouTube early Tuesday, addressing the company’s customers. “If I was you, I’d be very, very frustrated, and you should be.”
He said Kaseya was working with the F.B.I., the Department of Homeland Security and the White House to address the issue.
About 50 of Kaseya’s direct customers were compromised when it was breached, Mr. Voccola said, including dozens of managed service providers.
A Russian-based cybercriminal organization known as REvil claimed responsibility on Sunday for the attack, boasting about it on its site — called “Happy Blog” — on the dark web. Some victims were being asked for $5 million in ransom, Huntress Labs said.
Brett Callow, a threat analyst for the cybersecurity firm Emsisoft, said REvil was also asking for $45,000 in cryptocurrency for each computer system a victim wanted restored.
REvil also said it would publish a tool that would allow all infected companies to recover their data if it were paid $70 million in Bitcoin.
“If you are interested in such a deal, contact us,” the group wrote, adding that it had provided a way for victims to contact the organization.
Jack Cable, a security researcher for Krebs Stamos Group, said that he had reached out to REvil over the weekend and that the group said it was willing to negotiate. It offered to slash the price for the tool to $50 million in Bitcoin, he said.
Jen Psaki, the White House press secretary, said during a news conference on Tuesday that “we advise against companies paying ransomware, given that it incentivizes bad actors to repeat this behavior.”
Ms. Psaki said American national security officials had been in touch with Russian government officials over the attack. When President Biden met with President Vladimir V. Putin of Russia in Geneva last month, he demanded that Russia rein in ransomware attacks, which have become increasingly common in recent months. The F.B.I. said REvil was behind the hacking of the world’s largest meat processor, JBS, in May.
“If the Russian government cannot or will not take action against criminal actors residing in Russia, we will take action, or reserve the right to take action, on our own,” Ms. Psaki said.
The Kaseya cyberattack has had cascading effects around the globe, touching companies in more than a dozen countries, including the United States, Germany, Australia and Brazil. In Sweden, the grocery retailer Coop was forced to close more than 800 stores Saturday, and each location had to be visited to fix the problems caused by the hack. A Swedish railway and a pharmacy chain were also affected, security researchers said.
Mr. Voccola said such an attack was bound to happen.
“Even the best defenses in the world get scored upon,” he said.
A common refrain he has heard from government officials and security experts, he said, was that when it comes to cyberattacks, “it’s not a matter of if, it’s a matter of when.”
AAA said on Tuesday that gas prices were expected to increase another 10 to 20 cents through the end of August.
The average price of a gallon of regular in the United States has risen to $3.13, according to AAA, up from $3.05 a month ago. A year ago, as the pandemic kept people home, a gallon of gas cost just $2.18 on average.
The rise comes amid a breakdown in talks among OPEC and its allies over whether to expand oil production as travel resumes and global demand recovers. The cartel has been unable to reach a deal despite multiple meetings since Thursday.
“Robust gasoline demand and more expensive crude oil prices are pushing gas prices higher,” Jeanette McGee, an AAA representative, said in a statement. “We had hoped that global crude production increases would bring some relief at the pump this month, but weekend OPEC negotiations fell through with no agreement reached.”
Scott Hanson of Western Springs, Ill., remembers when $40 was enough to fill up his gas tank last year, when he lost his job as an office manager due to the pandemic. Now, Mr. Hanson is paying over $60 to fill his Dodge Charger, making his trips to take his mother to her doctor appointments more expensive. Gas in Illinois is averaging $3.36 a gallon, according to AAA.
“It’s too much for too many people that lost their jobs or have low-paying jobs,” Mr. Hanson said. “Everything bad that could happen is happening all at once.”
Washington has seen one of the biggest spikes, with the price of regular gasoline rising 20 cents in the past month to $3.81, according to AAA. In California, which generally has some of the highest gas prices in the country, a gallon goes for $4.31.
Crude oil fell off its recent highs on Tuesday, with West Texas Intermediate, the U.S. benchmark, down more than 2.5 percent to about $73.15. But even prices at that level have not been reached since 2018, and they are far above the prices from early in the pandemic, when the price of a barrel hovered around $40.
As travel ground to a halt early last year, Russia, which is part of the group of allied oil producers known as OPEC Plus, refused to cut production, sparking a price war with Saudi Arabia, the de facto leader of OPEC, that helped drive prices to rock-bottom. Oil-producing nations finally agreed to cuts and have been operating mostly in lock-step for months, raising output slowly to keep prices high.
But the conciliatory nature of the agreement seems to have stalled, with OPEC Plus failing for days to come to a decision on production, and oil prices have fluctuated as traders await a result.
Gas prices have also been volatile as the economy has reopened. With a jump in travel already adding upward pressure, a cyberattack in May on a gas pipeline that provides nearly half of the East Coast’s fuel supplies led to panic buying, shortages in some areas and a temporary spike in prices.
Americans are also keeping a close eye on Tropical Storm Elsa, which is headed for the Gulf of Mexico and parts of Florida. The storm is unlikely to cause disruptions to Gulf Coast crude and gasoline production as winds recede, according to AAA.
Mahsiah Waites of Atlanta, Ga., uses her vehicle over six hours a day as part of her job as an assistant for a fashion designer. Ms. Waites is grateful to be employed and able to afford the spike in prices, but she is starting to feel the pain of having to pay nearly $55 to fill up her tank.
“I love my car, so I’ll stick to it and take the situation as it is,” Ms. Waites said. “If things get too rough, I’ll have to cut back on driving or some other area I spend money on.”
Many major automakers have committed to phasing out conventional cars in favor of electric vehicles over the next decade and have promised lower ownership costs, including savings on gas. But even without the annual summer surge in gas prices, electric car drivers may not be home free, according to Tom Kloza, the head of global energy research at Oil Price Information Service, which tracks energy prices.
“I think there will be some people that will opt for E.V.s, but they want to see the electric grid behave efficiently during the tremendous heat of the summer,” Mr. Kloza said. “If we have hurricanes that knock out electricity for a period of time this summer, that may haunt the adoption of E.V.s.”
Oil prices touched their highest levels in years on Tuesday, a day after OPEC, Russia and their allies failed yet again reach agreement on production increases. A teleconference planned for Monday never started, following meetings on Thursday and Friday that did not reach a deal.
West Texas Intermediate, the U.S. benchmark, rose as high as $76.98 a barrel earlier in the day, its highest in more than six years, before retreating. By the afternoon its price was down about 2.5 percent to about $73.40 a barrel. Brent crude, the global benchmark, dropped nearly 3.5 percent to around $74.55 a barrel.
The volatility reflected worry that the deadlock in OPEC Plus, the alliance of oil producers, means that too little oil would reach the markets at a time of growing consumption as the effects of the pandemic ease and summer travel booms.
The United Arab Emirates, which has invested in its oil capacity in recent years, is insisting on higher levels of production over objections from Saudi Arabia, a longtime ally, and other producers. Mediation efforts have so far not bridged the gap, and a new meeting has not been scheduled. The disarray in OPEC Plus raises the risk of a price war among producers, like the one in spring 2020, but some analysts think the group is more likely to figure out a way of gradually drip-feeding more oil into the market in the coming months, a move that would soften price jumps.
In a note to clients on Tuesday, analysts at Goldman Sachs wrote that many OPEC Plus countries had not made the investments to increase output to meet demand, presenting producers like the United Arab Emirates, Saudi Arabia and Russia with “an opportunity to bring production to or near” record levels.
The Saudis, who have the ability to increase their output by more than three million barrels a day from the 8.5 million barrels a day in May, could intervene if the market overheats. The Biden administration has been slow to react to rising prices in recent months, but it is beginning to take notice.
All OPEC Plus members seem to agree on the need to raise output, but the deadlock has blocked a deal.
On the table at the meetings was a proposal by Saudi Arabia and Russia to increase production by 400,000 barrels a day each month for the rest of this year, beginning in August, eventually raising total output by two million barrels a day.
The Saudis want to make that increase conditional on extending an OPEC Plus output agreement from spring 2020 beyond its expiration date of April 2022. The United Arab Emirates wants any extension coupled with an upward recalculation of its production quota, which it says does not fairly reflect its output capacity.
In another sign that streaming is upending the Hollywood status quo, NBCUniversal said on Tuesday that, starting next year, its movies would bypass HBO and have their initial post-theatrical runs instead on Peacock, the media giant’s nascent streaming service.
The exclusive 18-month post-theatrical “window” for films made by Universal and its specialty arm, Focus Features — some 30 movies annually — has been held by HBO since 2005. That post-theatrical window will now be broken into three parts.
Universal movies will begin to flow to Peacock no later than four months after they appear in theaters, and they will remain on Peacock for four months. The movies will then move to third-party streaming services for 10 months under licensing deals still to be announced. The movies will return to Peacock for the final four months.
Consumers have long complained about the confusing way that studios splice and dice movie availability in an effort to maximize revenue, but Universal said that its three-pronged approach was intended to “maximize consumer access” to its films. “Titles will constantly refresh across the streaming ecosystem ensuring no title or platform is oversaturated,” the studio said in a news release.
The approach, of course, will also maximize revenue.
NBCUniversal’s move away from HBO as a primary distribution partner reflects a broader trend in entertainment. As media companies have introduced their own Netflix-style services, they have ended or pared back distribution agreements with rivals in favor of bolstering their own platforms. New movies from Disney, for instance, no longer flow to Netflix after their theatrical runs; instead, they head to Disney+.
The Peacock partnership will last for at least five years, ensuring a steady stream of prominent films to the fledgling service. Universal’s 2022 slate includes “Jurassic World: Dominion”; an original horror film from the Oscar-winning screenplay writer Jordan Peele; “Minions: The Rise of Gru”; and another “Downton Abbey” movie.
Universal said on Tuesday that it would also begin making a handful of films annually that would skip theaters altogether and be made available exclusively on Peacock.
The Pulitzer Prize-winning journalist Nikole Hannah-Jones said on Tuesday that she would join the faculty of Howard University, a surprise announcement less than a week after the University of North Carolina’s board of trustees voted to grant her tenure, reversing its earlier decision.
Ms. Hannah-Jones, a correspondent for The New York Times Magazine, had been appointed as the Knight Chair in Race and Investigative Journalism at U.N.C.’s Hussman School of Journalism and was supposed to start there this month. But her appointment had drawn criticism from conservative board members who took issue with her involvement in The Times’s 1619 Project, which re-examined slavery in the United States.
The board initially failed to approve tenure recommendations from the journalism school’s dean and faculty, effectively denying her tenure. Weeks later, after U.N.C. staff, students and prominent alumni spoke out against the board’s decision, and after Ms. Hannah-Jones said she had retained legal counsel and was considering filing a discrimination suit, the board reversed and offered her full tenure.
Ms. Hannah-Jones said Tuesday that the decision to decline the offer had been difficult and that the treatment of her by U.N.C., where she received a master’s degree, had been deeply painful.
“I, literally since the second grade, have been in white institutions,” she said in an interview, describing how she had to show again and again that she was worthy. “I’ve proven all that I’m going to prove. And I just really wanted to use the talent, the platform, the resources that I have managed to commit over time and to bring them to a Black institution where I won’t have to prove that, and where I can help other young, Black journalists — who come, many of them, from disadvantaged backgrounds themselves — to be able to compete.”
Ms. Hannah-Jones, whose honors include receiving a “genius grant” from the John D. and Catherine T. MacArthur Foundation, will be a tenured member of Howard University’s Cathy Hughes School of Communications, serving as the newly created Knight Chair in Race and Journalism. She will also found at the university the Center for Journalism and Democracy, which will train and support aspiring reporters in investigative skills and analytical expertise.
The author and journalist Ta-Nehisi Coates, another MacArthur fellow, will also join the faculty of Howard, which is one of the country’s leading historically Black colleges and universities.
“It is my pleasure to welcome to Howard two of today’s most respected and influential journalists,” said Wayne A. I. Frederick, Howard University’s president. “At such a critical time for race relations in our country, it is vital that we understand the role of journalism in steering our national conversation and social progress.”
Ms. Hannah-Jones said she had received offers from many prestigious universities and chose Howard because she had long wanted to help develop Black journalists and contribute to Black institutions.
“I was always conflicted about whether the place that had the most need for me, where the students had the most need for me, was going to be a predominantly white institution,” she said. “After what happened with North Carolina became public, after I started seeing the extent to which there was political intervention in this, it just became very clear to me that this was what I wanted to do now — that I didn’t need to try to find a workaround to try to work with H.B.C.U.s, that I could just go there.”
U.N.C. did not immediately respond to a request for comment.
The 1619 Project traced the legacy of American slavery through essays, photography and a five-part podcast, and Ms. Hannah-Jones won a Pulitzer Prize for commentary last year for her introductory essay. The project has faced criticism from some historians, who have expressed reservations about some of its assertions. After publishing the project, The Times issued a clarification that only “some” colonists fought for independence primarily to defend slavery.
Jake Silverstein, the editor of The Times Magazine, has defended Ms. Hannah-Jones and her writing. “There’s no doubt that, given the chance to learn from Nikole, future graduates of the Center for Journalism and Democracy will create the sort of revealing and unflinching journalism that has been a hallmark of her work for decades,” he said in a note to New York Times staff on Tuesday.
Ms. Hannah-Jones will continue to write for the magazine, he said.
Didi, the giant Chinese ride-hailing platform, dropped nearly 20 percent on Tuesday after China’s government ordered that the service be removed from app stores less than a week after it went public in New York.
Late on Sunday, China’s internet regulator said there were “serious” problems related to the collection and use of customer data. Without explaining the problem, it said that Didi needed to correct them and “earnestly safeguard” users’ personal information. The drop on Tuesday reflected the first chance investors could react to China’s actions, as U.S. markets were closed on Monday for the July 4 holiday.
Didi Global listed shares on the New York Stock Exchange last week with a $14-a-share offering price, and its stock closed at $16.40 on Thursday. A few days after it went public, the same Chinese regulator issued another surprise announcement, saying on Friday that new user sign-ups on Didi would be suspended while the authorities conducted a “cybersecurity review.”
On Tuesday, the shares ended the day at $12.49 each.
The moves are part of a fast-moving effort by China to control the country’s internet industry, and a growing focus on the digital security practices of companies that sell shares abroad. On Tuesday, a policy document said the government would seek to toughen its oversight of how overseas-listed businesses manage and protect their data.
The document said that stronger regulation of companies and capital markets should be combined with broader efforts to maintain national security and social stability, an indication of how seriously Beijing now treats such issues.
On Monday, the authorities said that user registrations on three other Chinese platforms were being suspended for cybersecurity reviews. The two companies behind those platforms have also listed shares recently in the United States: Full Truck Alliance, which connects freight customers and truck drivers, and Kanzhun, which runs a job-hunting platform. Shares of both companies were sharply lower on Tuesday.
Elsewhere in markets
The S&P 500 index ticked down 0.2 percent, breaking a seven-day streak of gains.
Stocks in Europe were mostly lower. The Stoxx Europe 600 fell 0.5 percent, while London’s FTSE 100 dropped 0.9 percent.
Oil prices were volatile after OPEC and its oil-producing allies again failed to reach an agreement on proposed production increases. Futures of West Texas Intermediate, the U.S. crude benchmark, touched the highest price since November 2014 early in the day before falling 2.4 percent to $73.37 a barrel.
Raymond Zhong contributed reporting.
Emergent BioSolutions has had to throw out 75 million Covid vaccine doses because of potential contamination, and production at its Baltimore factory has been halted for more than two months as the company tries to convince regulators that it has fixed serious quality problems.
As the federal government works with the biotech firm in an effort to restart production, some investors are asking for their money back and seeking an overhaul of the company’s corporate governance.
With its stock price cut in half, Emergent faces several shareholder lawsuits accusing it of securities fraud. A pension fund filed a complaint last Tuesday claiming that some executives and board members — including several former federal officials — had engaged in insider trading by unloading more than $20 million worth of stock over the past 15 months.
The executives and board members sold the stock “while in possession of material, nonpublic information that artificially inflated the price” and “profited from their misconduct and were unjustly enriched through their exploitation of material and adverse inside information,” the Illinois-based Lincolnshire Police Pension Fund asserted.
The litigation adds to the troubles of the politically connected company, which is also the target of a widening congressional investigation into its vaccine production problems and the favorable deals it has secured with the government.
An Emergent spokesman said all of the lawsuits were “without merit” but declined to discuss them in detail.
Hundreds of companies around the world are reeling after a software provider to small and midsize businesses was hit last week by a major cyberattack. Russian cybercriminals are suspected of orchestrating what some experts are calling a “global supply chain hack.”
The damage is widespread.
The Swedish grocery chain Coop had to close at least 800 stores on Saturday, while a pharmacy chain and 11 schools in New Zealand were also affected. Linking all of them was Kaseya, which makes systems management software that was in the middle of performing updates to guard against such an attack. Although Kaseya said that fewer than 40 customers had been affected, that group serviced hundreds of others, amplifying the effect.
Some companies were asked for as much as $5 million to regain control of their data, about $70 million in total.
The authorities suspect a well-known Russian group.
REvil, which was accused of orchestrating an attack on the meat processor JBS in May, was identified as a likely culprit. President Biden confronted President Vladimir Putin of Russia last month over Moscow’s ties to cybercrime, but over the weekend, he said “The initial thinking was it was not the Russian government, but we’re not sure yet.”
Nextdoor, the neighborhood-focused social network based in San Francisco, announced its plans to go public on Tuesday, raising $686 million for the 10-year-old start-up and valuing the company at roughly $4.3 billion.
But instead of completing a traditional initial public offering process, Nextdoor will be listed on the public markets by way of a special purpose acquisition company, or SPAC, a type of financial vehicle that has grown increasingly popular in recent years among tech companies.
Nextdoor’s SPAC will be backed by an affiliate of Khosla Ventures, a blue-chip Silicon Valley firm, and will include participation from firms such as T. Rowe Price Associates, Baron Capital Group and Dragoneer Investment Group, along with existing investors that include Tiger Global.
Over the past year, these buzzy financial vehicles have come under increased regulatory scrutiny as private equity firms and investors create record amounts of so-called blank check companies in the hunt to take promising start-ups public. Executives at companies like Reddit have mulled going public via SPAC, while hundreds of new SPACs have been created in the first half of 2021 alone.
Sarah Friar, Nextdoor’s chief executive, said in an interview that going the SPAC route made the most sense for the company, allowing it to be more closely involved and counseled by a smaller, more targeted group of investors. Ms. Friar also said it gave Nextdoor a better sense of certainty about how much money it would raise, rather than the riskiness that could come with a traditional I.P.O. process.
“We’ve been prepping for this now for a couple of years,” Ms. Friar said. “We are ready, and we’ll do this right.”
Founded in 2011, Nextdoor rose to prominence early on as a kind of “Facebook for neighborhoods,” slowly meting out invitations to people who lived in specific areas and could form small, tightknit social groups based on proximity. Using the site’s web and mobile apps, neighbors discussed everything from yard sales and child care to concerns about crime.
Nearly 10 years later, Nextdoor has ballooned to more than 275,000 “neighborhoods” across 11 countries. As the network grew, Nextdoor began making money by selling advertising to businesses, which pay the company to post sponsored content inside users’ feeds. Ads run the gamut from national brand marketers to local service providers.
Nextdoor plans to use the new funding to invest in expanding its products and acquire more users, Ms. Friar said, while also using capital to further develop its self-serve advertising platform aimed at small and midsize businesses. It also plans to hire more engineers and other employees.
As far as the business goes, Ms. Friar may have her work cut out for her. Nextdoor lost a combined $148 million in 2019 and 2020 on total revenue of $206 million in that same period, according to financial disclosures. The company does not expect to be profitable any time soon; Nextdoor expects a loss of roughly $100 million a year in 2021 and 2022, though it hopes to more than double its revenue through that same period. Expenses are also rising.
Nextdoor generates all of its revenue from digital advertising, which means it is competing for ad dollars with giants like Facebook and Google that dominate the digital advertising market.
Critics of Nextdoor have assailed the platform for being a haven for racism and targeted online harassment. Complaints often involve users who have flocked to Nextdoor to lodge racially motivated grievances about their neighbors or to engage in toxic behavior or harassment. In its financial disclosures, Nextdoor cited damage to its brand and reputation — the kind that often results from these complaints and behaviors — as a long-term risk factor to its business.
Since Ms. Friar became chief executive in 2018, she has made it a priority to clean up areas of the platform that have created problems. The company has added anti-racial-profiling steps and includes ways to make users slow down and become more thoughtful about certain kinds of posts, like those about suspected crimes. Ms. Friar said the new funding would also pay for products that handled such content moderation issues.
In addition, Ms. Friar, the company’s three original founders and its earliest investor plan to contribute a portion of their shares in Nextdoor to form the Nextdoor Kind Foundation, a nonprofit foundation “dedicated to helping neighbors rejuvenate their neighborhoods through targeted grants.” The foundation will solicit ideas from people who want to improve their communities, whether it is to “plant a garden, paint a community center or repair the playground,” according to the company.
Shares of Nextdoor will be publicly traded on the Nasdaq stock exchange under the stock ticker symbol KIND.
The British auto industry’s prospects for surviving Brexit improved further Tuesday after Stellantis, the newly formed holding company for brands including Fiat, Peugeot, Citroën, Jeep and Opel, said it would build electric cars at an existing plant in Ellesmere Port, near Liverpool. The factory will produce battery powered Vauxhall, Opel, Peugeot and Citroën brand cars and light commercial vehicles starting in 2022, Stellantis said, noting that the British government will provide an unspecified proportion of the 100 million pounds, or $140 million, needed to refit the factory. The announcement comes after Nissan said last week it would build a new generation of electric cars at its plant in Sunderland, England.
BoltBus, the bus service known for offering its passengers Wi-Fi and $1 lottery seats, is shutting down operations indefinitely after months of low ridership during the pandemic, according to Greyhound, its parent company. The discount bus operator announced last month that it was transferring most of its routes to Greyhound so it could “undergo renovations.” BoltBus had suspended service earlier during the pandemic, but its parent company said this week that the operator had no plans to put its buses back on the road.
Tyson Foods is recalling nearly 8.5 million pounds of frozen chicken that may have been contaminated with listeria, the Agriculture Department said. The voluntary recall was issued after Agriculture Department investigators were notified last month about two people who had been sickened with listeriosis, the department said in a statement on Saturday. An investigation found evidence linking those cases to frozen chicken from Tyson Foods, the agency said. Investigators eventually identified three cases linked to the recalled products, including one death, the department said.
Today in the On Tech newsletter, Shira Ovide writes that the ability to work remotely shouldn’t be a nice-to-have for a select few, but an option for all.