$70m Ransom Demand To Restore Hacked Data

Hackers who claim to be behind a mass ransomware attack that has affected hundreds of companies are now demanding $70m in Bitcoin to restore an organisation’s data. The demand was posted on a Reddit forum typically used by the REvil cyber crime gang, thought to be a Russian group that is both prolific and expert at ransomware-driven extortion.

The attack came to light on July 4th and has affected over 200 companies in the United States; companies in other countries have been attacked as well. The gang broke into Kaseya, a Miami-based IT software firm, and used their access to breach at least some of its clients' networks, setting off a chain reaction that quickly paralysed the computers of hundreds of firms worldwide.

REvil has even posted its statement on Twitter, saying “we launched an attack on MSP providers. More than a million systems were infected… our price is 70 million$ in BTC”. This is the group's first public acknowledgement that it was behind the attacks. The group is understood to have a loose affiliate structure, making it difficult to determine who speaks on the hackers' behalf.

Downplaying the impact, a spokesperson for Dell's threat intelligence unit Secureworks commented: “We are not seeing significant impact across our customer base. Less than ten organisations appear to have been affected, and the impact appears to have been restricted to systems running the Kaseya software... We have not seen evidence of the threat actors attempting to move laterally or propagate the ransomware through compromised networks. That means that organisations with wide Kaseya VSA deployments are likely to be significantly more affected than those that only run it on one or two servers.”

Based on the information released to date, it appears that the breach of Kaseya was an orchestrated attack against a subset of Kaseya VSA clients who manage IT service providers (MSPs).

“The evidence we have does not indicate that Kaseya's software update infrastructure has been compromised. That does mean that, while we have seen limited impact across our customer base, there may be larger clusters of victims elsewhere based on use of common MSPs,” Secureworks say.

Experts believe the attack was deliberately timed to coincide with the 4 July holiday weekend, when fewer IT staff are traditionally on duty. Such cyber attacks typically infiltrate widely used software and spread malware as it updates automatically.

Sources: SecureWorks, Economic Times, Technology Inquirer, Sky, ABS-CBN, The Record, Satnam Narang
