July 5 (UPI) -- The ransomware gang REvil on Monday demanded a payment of $70 million in bitcoin to release a decryptor tool after its attack on software provider Kaseya over the weekend.
REvil posted a message on their dark web blog taking credit for the attack on Friday and claimed they had locked more than one million systems, cybersecurity firm Recorded Future said in a blog post.
"On Friday (02.07.2021) we launched an attack on MSP providers. More than a million systems were infected. If anyone wants to negotiate about universal decryptor -- our price is [$70,000,000] in BTC and we will publish publicly decryptor that decrypts files of all victims, so everyone will be able to recover from attack in less than an hour. If you are interested in such deal -- contact us using victims 'readme' file instructions," the post read.
Recorded Future researcher Allan Liska told CNN the offer of a universal key represents a "logistical nightmare" for ReVil.
"We know there are thousands of victims here. REvil [has] limited resources to handle negotiations and process keys," said Liska.
Liska added that the attack is likely the largest non-nation state supply chain attack and possibly the second largest ransomware attack ever, noting the full impact will not be known until Tuesday when people return to work from the holiday weekend.
REvil was also behind a ransomware attack on major meat producer JBS last month that shuttered its meat processing plants in the United States and Australia and prompted the company to pay a ransom of $11 million.
In an update posted Monday afternoon, however, Kaseya said it believed the attack had been localized to "a very small number of on-premises customers only."
The company added that its executive committee determined Monday morning that more time was required before bringing the data centers back online to "best minimize customer risk."