Russia-based cybercriminal gang REvil is seeking $70 million worth of Bitcoin after launching a cyberattack on at least 200 firms in the US. John Hammond, the lead cybersecurity researcher at security company Huntress Labs, verified that REvil appeared to be behind the ransomware attack.
According to reports, REvil was able to distribute the ransomware by hacking Kaseya, a software provider. REvil used Kaseya’s network-management software to carry out the attack via the cloud. REvil’s newest attack seems to be the largest worldwide ransomware attack in history, affecting the IT systems of over 1 million businesses.
The ransomware group, however, is prepared to provide a decryptor for affected devices in exchange for $70 million in Bitcoin. “On Friday (02.07.2021) we began an attack on MSP providers,” the dark website Happy Blog said in a post titled “KASEYA ATTACK INFO.” Over a million computers were compromised. “If somebody wants to bargain on a worldwide decryptor, our demand is 70 million dollars in Bitcoin, and we will publicly release a decryptor that decodes all victims’ data, allowing everyone to recuperate from the attack in under an hour.”
New Zealand schools are among the victims of the attack. Swedish food businesses and two big Dutch IT enterprises, VelzArt and Hoppenbrouwer Techniek, are among the other victims. The ransomware attack has prompted Swedish supermarket retailer Coop to shut down all 800 of its shops.
Following the incident, the Federal Bureau of Investigation (FBI) in the United States announced that it had begun a probe. The FBI also stated that it is in touch with Kaseya and the Cybersecurity and Infrastructure Security Agency (CISA) to reach out to ransomware victims.
“We advise everyone who may be impacted to utilize the suggested countermeasures, and customers to follow Kaseya’s instructions to shut down VSA servers promptly,” the Bureau stated.
REvil’s new attack is not the first of its kind. REvil is known for launching advanced attacks on its victims and demanding ransoms in return for decryptors. The group has so far demanded up to $50 million from a range of enterprises, including Apple, a global tech firm based in the United States.
Colonial Pipeline was targeted by a Russian hacking gang in May, compelling the firm to pay a $5 million ransom in cryptocurrency. The hacker organization delivered a decryption program to restore the locked computer network soon after the payment. JBS, the world’s biggest meat packing firm, paid REvil $11 million in Bitcoin as ransom that same month.
Looks like #REvil is asking for $70 million in $BTC to release the Kaseya decryptor publicly. pic.twitter.com/0m7YhCclqb
— Satnam Narang (@satnam) July 5, 2021
After REvil’s attack knocked out its systems, JBS paid the money to get back on track. Andre Nogueira, the CEO of JBS USA, described paying the hacking group as “extremely unpleasant.” According to him, the firm had no choice but to pay the ransom to the hacking group in order to avoid additional REvil attacks.