Hundreds of small to medium-sized companies were hit by a record-breaking ransomware campaign over the Fourth of July weekend.

Threat actors leveraged a zero-day vulnerability in a software tool developed by Kaseya, a US-based software company. The exploit allowed access to over a million computers and spread to what is currently estimated as over 1,000 businesses and organizations.

“We expect the full scope of victim organizations to be higher than what’s being reported by any individual security company,” said Sophos Vice President Ross McKerchar in a statement

The campaign has been widely attributed to REvil, a Russia-based ransomware gang allegedly responsible for several other major cyberattacks, most recently against JBS, one of the world’s largest meat suppliers and distributors. The group initially demanded a $70 million ransom for a decryptor to unlock all affected targets. The figure has since lowered to $50 million.

President Joe Biden has ordered U.S. intelligence agencies to investigate the attack, which came weeks after his Geneva Summit meeting with Russian President Vladimir Putin. The two discussed cyberattacks launched from Russia and other former Soviet states. 

“[T]he United States Government has been working across the interagency to assess the Kaseya ransomware incident and assist in the response,” wrote Deputy National Security Advisor Anne Neuberger in a statement.

The FBI and CISA have urged businesses to follow cybersecurity best practices, including enabling multi-factor authentication, regularly backing up data, and for affected organizations to download a detection tool to identify possible compromised systems.