$70m Ransom Demand To Restore Hacked Data
Hackers who claim to be behind a mass ransomware attack that has affected hundreds of companies are now demanding $70m in Bitcoin to restore an organisation’s data. The demand was posted on a Reddit forum typically used by the REvil cyber crime gang, thought to be a Russian group that is both prolific and expert at ransomware-driven extortion.
The attack came to light on July 4th and has affected over 200 companies in the United States and other countries have been attacked as well. The gang broke into Kaseya, a Miami-based IT software firm and used their access to breach at least some of its clients networks, setting off a chain reaction that quickly paralysed the computers of hundreds of firms worldwide.
REvil has even posted its statement on twitter saying “we launched an attack on MSP providers. More than a million systems were infected…our price is 70 million$ in BTC”.This is the group's first public acknowledgement that it was behind the attacks. The group is understood to has a loose affiliate structure, making it difficult to determine who speaks on the hackers' behalf.
Downplaying the impact, spokesperson for Dell's threat intelligence unit Secureworks commented “We are not seeing significant impact across our customer base. Less than ten organisations appear to have been affected, and the impact appears to have been restricted to systems running the Kaseya software... We have not seen evidence of the threat actors attempting to move laterally or propagate the ransomware through compromised networks. That means that organisations with wide Kaseya VSA deployments are likely to be significantly more affected than those that only run it on one or two servers.
Based on the information released to date it appears that the breach of Kayesaq was an orchestrated attack against a subset of Kaseya VSA clients who manage IT service providers (MSPs).
“The evidence we have does not indicate that Kaseya's software update infrastructure has been compromised. That does mean that, while we have seen limited impact across our customer base, there may be larger clusters of victims elsewhere based on use of common MSPs.” Securworks say.
Experts believe the attack was deliberately timed to coincide with the 4 July holiday weekend, when fewer IT staff are traditionally on duty.Such cyber attacks typically infiltrate widely used software and spread malware as it updates automatically.
SecureWorks: Economic Times: Technology Inquirer: Sky: ABS-CBN: The Record: Satnam Narang:
You Might Also Read: