Russian hackers REvil demanded a ransom of $70 million in Bitcoin for a decryption key, following a cyberattack on 1,000 U.S. companies.
The breach, which is the largest ransomware attack ever recorded, is believed to have affected the PC systems of nearly a million corporations worldwide, penetrating the systems of US software company Kaseya.
Those affected included a school in New Zealand and the Swedish supermarket chain Coop, as well as two major Dutch IT companies.
Meanwhile, hackers suspected of being behind the massive extortion attack demanded $70 million on Sunday night to restore the data they are holding to ransom, according to a post on a shady website.
The hackers then lowered their demand, asking for $50 million instead of the original $70 million.
The post said: “We have introduced an attack on MSP providers. More than a million systems have been infected.
“If needed for the industry on universal decryptor, our value is $70,000,000 in BTC and we will publish the decryptor publicly.”
The demand was posted on a blog used by the cybercrime gang REvil, a group with ties to Russia that is considered one of the world’s most prolific cybercriminal extortionists.
The gang’s structure makes it difficult to determine who speaks on behalf of the hackers.
However, Allan Liska of cybersecurity company Recorded Future told Reuters that the message came “almost certainly” from REvil’s top leadership.
The attack, which occurred on Friday, was one of the most impressive hacks ever seen, amid a series of eye-catching attacks by hackers.
U.S. President Joe Biden on Saturday described Vladimir Putin as “weak”, after a bunch of U.S. corporations were hit by the breach.
Congressional Minority Leader Kevin McCarthy tweeted over the weekend: “Remember when President Biden gave Putin a list of things that were meant to be banned by cyberattacks? What he has said is that ALL U.S. targets are prohibited.”
The Republican added, “Biden is soft on crime and weak on Putin.”
Biden had said the intelligence network “didn’t know if Russia was to blame” for the ransomware attack.
“We are certain if it is the Russians. I have asked the intelligence network to give me an in-depth review of what happened, and I will find out more tomorrow,” the president said.
But he warned: “If it is knowing and/or like Russia, then I told Putin that we will respond.”
John Hammond of security firm Huntress Labs said the REvil gang, a leading Russian-speaking ransomware syndicate, appears to be behind the attack.
Hammond said the criminals targeted a software vendor named Kaseya, calling it a “colossal and devastating chain attack of sources.”
They then used the vendor’s network control package to spread ransomware through cloud service providers, Hammond said.
Other researchers agree with this assessment.
James Shank of risk intelligence firm Team Cymru said “it’s moderate to think it’s the right time” to coincide with July 4.
Initially, at least two hundred businesses were thought to have been paralyzed on Friday, according to a cybersecurity researcher whose company was responding to the incident.
Subsequent reports have brought this figure closer to the 1,000 mark, with a map showing the intrusion still at the point.
REvil is a gang of Russian-speaking hackers, born in 2019.
They are reported to make more than $100 million a year.
The group, also known as Sodinokibi, is known to target global corporations and demand to be paid in Bitcoin.
REvil has a dark web page called Happy Blog, where it has already leaked sensitive data from the corporations it targets.
There is no link between the organization and Russian officials.
The disruption spilled into public view when Swedish supermarket chain Coop was forced to close many retail outlets on Saturday, after its cash registers went offline following the attack.
Those affected included schools, small public sector agencies and recreation organizations, as well as credit unions and accountants.
However, Allan Liska believes the hackers may have bitten off more than they can chew by holding the data of many corporations at once.
The massive $70 million demand is an effort to make the most of a delicate situation, he said.
The federal Cybersecurity and Infrastructure Security Agency said in a statement Friday night that it was closely monitoring the situation and working with the FBI to gather more information on its impact.
CISA suggested that those affected should “follow Kaseya’s recommendation to shut down VSA servers immediately.”
Kaseya runs what is called a virtual system administrator, or VSA, that is used to remotely manage and monitor a customer’s network.
Biden said last month that he had given Putin a list of U.S. entities that are “banned.”
Speaking to reporters, he said: “I talked about the proposal that critical infrastructure be banned in attacks – it was – through cyber or any other means.
“I gave them a list – 16 entities; Page 16
This came in the wake of two cyberattacks, on Colonial Pipeline and meat processor JBS Holdings.
The two corporations reportedly paid millions of dollars in ransoms to recover their systems, Fox News reports.
Active since April 2019, the organization known as REvil provides ransomware as a service.
This means that it develops software that cripples networks and rents it to those who infect the targets and earn the lion’s share of the ransoms.
REvil is one of the ransomware gangs that steal data from targets before activating the ransomware, which strengthens their extortion efforts.
The average ransom payment to the organization was around a million dollars last year, cybersecurity company Palo Alto Networks said in a recent report.