A US software firm hit by a ransomware attack that crippled companies worldwide put off restarting its servers until Sunday to harden defenses against further breaches.

Kaseya chief executive Fred Voccola apologized to its customers in a video update posted online late Wednesday, calling the decision not to turn systems back on as promised the toughest in his career.

"It sucks, and I don't want anyone to think we are not taking this seriously," Voccola said.

Kaseya has the vulnerabilities exploited in the attack blocked, but opted to take more time to put in place additional layers of protection, he explained.

The Miami-based company was "very confident" it would have it servers back online Sunday at 2000 GMT, according to Voccola.

He said that Kaseya will mirror a financial aid model rolled out during the pandemic, this time aimed at helping businesses suffering due to the cyberattack.

"We will be providing direct financial assistance to (small and medium size businesses) who have been crippled by these evil people," Voccola said.

"Throwing money at a problem does not always solve it; it is better than not throwing money at it. We are doing what we can."

The effects of a major global ransomware attack appeared likely to persist into a second week as the software firm involved delayed its server restart
The effects of a major global ransomware attack appeared likely to persist into a second week as the software firm involved delayed its server restart AFP / OLIVIER DOULIERY

The unprecedented attack that caused Kaseya to shut down its cloud-based system on July 2 affected an estimated 1,500 businesses and prompted a ransom demand of $70 million.

While Kaseya is little known to the public, analysts say it was a ripe target as its software is used by thousands of companies, allowing the hackers to paralyze a huge number of businesses with a single blow.

Kaseya provides IT services to some 40,000 businesses globally, some of whom in turn manage the computer systems of other businesses.

The hack affected users of its signature VSA software, which is used to manage networks of computers and printers.

Experts believe this could be the biggest "ransomware" attack on record -- an increasingly lucrative form of digital hostage-taking in which hackers encrypt victims' data and then demand money for restored access.

The Kaseya attack has ricocheted around the world, affecting businesses from pharmacies to gas stations in at least 17 countries, as well as dozens of New Zealand kindergartens.

White House spokeswoman Jen Psaki said the administration was monitoring the situation amid reports that the attacks came from a Russia-based cyber gang.

REvil, a group of Russian-speaking hackers who are prolific perpetrators of ransomware attacks, are widely believed to be behind the assault.