WASHINGTON, D.C. – According to a statement on a dark web site, hackers suspected of being behind a huge extortion attack that hit hundreds of companies globally late Sunday wanted US$70 million to recover the data they are holding captive. The demand was made on a site commonly used by the REvil cybercrime gang, a Russia-linked outfit that is one of the most active extortionists in the cybercriminal world.
The gang’s affiliate structure makes it impossible to tell who speaks for the hackers, but cybersecurity company Recorded Future’s Allan Liska said the statement “very probably” came from REvil’s main leadership.
Reuters attempted to contact the group for comment, but it did not respond.
REvil’s ransomware attack, which took place on Friday, was one of the most high-profile in a string of increasingly high-profile hacks.
The group broke into Kaseya, a Miami-based information technology corporation, and used its access to hack into some of its clients’ accounts, triggering a chain reaction that stopped the computers of hundreds of companies around the world.
A Kaseya executive confirmed that the company was aware of the ransom demand, but did not respond to any requests for comment.
According to data provided by cybersecurity firm ESET (https://www.welivesecurity.com/2021/07/03/kaseya-supply-chain-attack-what-we-know-so-far), about a dozen countries were affected.
When the Swedish Coop grocery store chain had to close hundreds of locations on Saturday because its cash registers were knocked offline as a result of the attack, the disruption spilled out into the public sphere.
The White House stated earlier on Sunday that it was reaching out to victims of the outbreak “to give assistance based on an assessment of national risk.”
The full extent of the intrusion is still being determined.
Schools, local government agencies, travel and leisure groups, credit unions, and accountants were among those affected, according to Ross McKerchar, chief information security officer of Sophos Group Plc.
McKerchar’s firm was one of several that had been implicated for the attack (https://news.sophos.com/en-us/2021/07/04/independence-day-revil-uses-supply-chain-exploit-to-attack-hundreds-of-businesses/).
REvil has been blamed for the attack, but Sunday’s statement was the group’s first public admission that it was behind it.
Ransomware attackers have a history of focusing their attacks on particular, high-value targets, such as JBS, a Brazilian meatpacker whose production was halted last month when REvil targeted its systems. JBS stated that it eventually paid (https://jbsfoodsgroup.com/articles/jbs-usa-cyberattack-media-statement-june-9). The hackers made a profit of $11 million.
Liska believes the hackers overreached themselves by scrambling the data of hundreds of firms at once, and that the US$70 million demand is a desperate attempt to make the best of a bad situation.
“I think this got completely out of hand,” he stated, despite their big rhetoric on their blog.
(Raphael Satter contributed reporting; Kim Coghill and Robert Birsel edited the piece.)