The group behind the recent Kaseya cyber attack is asking for a $70M ransom in Bitcoin for a ‘universal decryptor’ key
The Russian hacking group REvil has published a blog post on the dark web taking credit for the audacious cyber attack on MSP providers in the US which they claim affected over a million systems.
They also called on ‘anyone willing to negotiate’ for a ‘universal decryptor’, offering to list the key publicly if someone pays the ransom.
“Everyone will be able to recover from the attack in less than an hour,” the post read.
John Hammond from Huntress Labs Inc sent this screenshot of the blog post in a direct Twitter message to Ticker reporters.
Will the companies pay the ransom?
The general advice from cyber-security experts is to not pay hackers to retrieve their data, because it encourages future attacks.
However, John Hammond from Huntress Labs doesn’t believe the situation is so simple. The cybersecurity firm Huntress Labs Inc is leading the investigation into the attack.
“This is an extremely intricate and tough situation,” he said in a private Twitter message to Ticker reporters.
“You have to make the decision that is best for your business,” he said.
REvil has shared an update on their personal dark web site. Their asking price to decrypt ALL victims is $70,000,000 USD. pic.twitter.com/e5WDWxDE53
The attack targeted more than 20 managed service providers (MSP). Yesterday, Huntress Labs anticipated the hack had affected more than 1000 businesses, which expectations that the figure would grow based on reports from the providers and a Reddit thread tracking the hack.
“It’s reasonable to think this could potentially be impacting thousands of small businesses,” tweeted John Hammond from Huntress Labs. Hammond says the attack targeted a software supplier called Kaseya.
Biden has sinced called for US intelligence to conduct a “deep dive” into the attacks. “We’re not sure it’s the Russians,” he said. “The initial thinking was, it was not the Russian government, but we’re not sure yet.”
Based on a combination of the service providers reaching out to us for assistance along with the comments we're seeing in this thread, it's reasonable to think this could potentially be impacting thousands of small businesses.
Another victim of the attack is Sweden, which has seen around 500 supermarkets unable to trade.
Coop Sweden has closed half of its 800 stores after its point-of-sale tills and self-service checkouts stopped working just before the weekend.
The supermarket itself was not targeted by hackers. However, because it uses on of the affected MSPs it too has fallen victim to the attack.
Cybersecurity becomes and international security issue
This comes as the latest in a string of ransomware attacks in recent months, including the attack on JBS. Experts have also attributed the JBS attack to the REvil cyber gang.
Natasha is an Associate Producer at ticker NEWS with a Bachelor of arts from Monash University. She has previously worked at Sky News Australia and Monash University as an Online Content Producer.
Netflix is intensifying its efforts to introduce an ad-supported tier amidst a plateau in subscriber growth.
The streaming giant hopes to attract new users and boost revenue by offering a cheaper alternative that includes advertisements.
This move marks a significant shift from its traditional ad-free model, reflecting Netflix’s response to competitive pressures and evolving consumer preferences.