Money

Russian ‘REvil gang’ hackers demands $70M Bitcoin ransom payout

Published

3 years ago

July 5, 2021

The group behind the recent Kaseya cyber attack is asking for a $70M ransom in Bitcoin for a ‘universal decryptor’ key

The Russian hacking group REvil has published a blog post on the dark web taking credit for the audacious cyber attack on MSP providers in the US which they claim affected over a million systems.

They also called on ‘anyone willing to negotiate’ for a ‘universal decryptor’, offering to list the key publicly if someone pays the ransom.

“Everyone will be able to recover from the attack in less than an hour,” the post read.

John Hammond from Huntress Labs Inc sent this screenshot of the blog post in a direct Twitter message to Ticker reporters.

Will the companies pay the ransom?

The general advice from cyber-security experts is to not pay hackers to retrieve their data, because it encourages future attacks.

However, John Hammond from Huntress Labs doesn’t believe the situation is so simple. The cybersecurity firm Huntress Labs Inc is leading the investigation into the attack.

“This is an extremely intricate and tough situation,” he said in a private Twitter message to Ticker reporters.

“You have to make the decision that is best for your business,” he said.

REvil has shared an update on their personal dark web site. Their asking price to decrypt ALL victims is $70,000,000 USD. pic.twitter.com/e5WDWxDE53
— John Hammond (@_johnhammond) July 5, 2021

The Kaseya cyber attack

The attack targeted more than 20 managed service providers (MSP). Yesterday, Huntress Labs anticipated the hack had affected more than 1000 businesses, which expectations that the figure would grow based on reports from the providers and a Reddit thread tracking the hack.

“It’s reasonable to think this could potentially be impacting thousands of small businesses,” tweeted John Hammond from Huntress Labs. Hammond says the attack targeted a software supplier called Kaseya.

Biden has sinced called for US intelligence to conduct a “deep dive” into the attacks. “We’re not sure it’s the Russians,” he said. “The initial thinking was, it was not the Russian government, but we’re not sure yet.”

Based on a combination of the service providers reaching out to us for assistance along with the comments we're seeing in this thread, it's reasonable to think this could potentially be impacting thousands of small businesses.
— John Hammond (@_johnhammond) July 3, 2021

Sweden closes up shop

Another victim of the attack is Sweden, which has seen around 500 supermarkets unable to trade.

Coop Sweden has closed half of its 800 stores after its point-of-sale tills and self-service checkouts stopped working just before the weekend.

The supermarket itself was not targeted by hackers. However, because it uses on of the affected MSPs it too has fallen victim to the attack.

Cybersecurity becomes and international security issue

This comes as the latest in a string of ransomware attacks in recent months, including the attack on JBS. Experts have also attributed the JBS attack to the REvil cyber gang.

It also comes shortly after President Joe Biden signed an executive order to strengthen cybersecurity defences across the US.

U.S President signs executive order after cyber attack

Ticker