Advertisement

Ransomware group demands $70M in bitcoin for Kaseya cyberattack

Ransomware group REvil demanded Monday that software provider Kaseya pay $70 million in bitcoin to release information locked in a cyberattack over the weekend. File Photo by Maxim Shipenkov/EPA-EFE
Ransomware group REvil demanded Monday that software provider Kaseya pay $70 million in bitcoin to release information locked in a cyberattack over the weekend. File Photo by Maxim Shipenkov/EPA-EFE

July 5 (UPI) -- The ransomware gang REvil on Monday demanded a payment of $70 million in bitcoin to release a decryptor tool after its attack on software provider Kaseya over the weekend.

REvil posted a message on their dark web blog taking credit for the attack on Friday and claimed they had locked more than one million systems, cybersecurity firm Recorded Future said in a blog post.

Advertisement

"On Friday (02.07.2021) we launched an attack on MSP providers. More than a million systems were infected. If anyone wants to negotiate about universal decryptor -- our price is [$70,000,000] in BTC and we will publish publicly decryptor that decrypts files of all victims, so everyone will be able to recover from attack in less than an hour. If you are interested in such deal -- contact us using victims 'readme' file instructions," the post read.

Recorded Future researcher Allan Liska told CNN the offer of a universal key represents a "logistical nightmare" for ReVil.

RELATED NSA warns of ongoing 'brute force' cyberattacks by Russia

"We know there are thousands of victims here. REvil [has] limited resources to handle negotiations and process keys," said Liska.

Liska added that the attack is likely the largest non-nation state supply chain attack and possibly the second largest ransomware attack ever, noting the full impact will not be known until Tuesday when people return to work from the holiday weekend.

Advertisement

REvil was also behind a ransomware attack on major meat producer JBS last month that shuttered its meat processing plants in the United States and Australia and prompted the company to pay a ransom of $11 million.

RELATED Ukraine police seize cash, cars, computers in raids on hackers that targeted U.S.

In an update posted Monday afternoon, however, Kaseya said it believed the attack had been localized to "a very small number of on-premises customers only."

The company added that its executive committee determined Monday morning that more time was required before bringing the data centers back online to "best minimize customer risk."

On Saturday, President Joe Biden said he directed intelligence agencies to investigate the attack on Kaseya.

RELATED Hackers steal 780gb of data from major game publisher Electronic Arts

Latest Headlines