$70m Ransom Demand To Restore Hacked Data

Uploaded on 2021-07-06 in TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Hackers who claim to be behind a mass ransomware attack that has affected hundreds of companies are now demanding $70m in Bitcoin to restore an organisation’s data. The demand was posted on a Reddit forum  typically used by the REvil cyber crime gang, thought to be a Russian group that is both  prolific and expert at ransomware-driven extortion.

The attack came to light on July 4th and has affected over 200 companies in the United States and other countries have been attacked as well. The gang broke into Kaseya, a Miami-based IT software firm and used their access to breach at least some of its clients networks, setting off a chain reaction that quickly paralysed the computers of hundreds of firms worldwide.

REvil has even posted its statement on twitter saying “we launched an attack on MSP providers. More than a million systems were infected…our price is 70 million$ in BTC”.This is the group's first public acknowledgement that it was behind the attacks. The group is understood to has a loose affiliate structure, making it difficult to determine who speaks on the hackers' behalf. 

Downplaying the impact,  spokesperson for Dell's threat intelligence unit Secureworks commented “We are not seeing significant impact across our customer base. Less than ten organisations appear to have been affected, and the impact appears to have been restricted to systems running the Kaseya software... We have not seen evidence of the threat actors attempting to move laterally or propagate the ransomware through compromised networks. That means that organisations with wide Kaseya VSA deployments are likely to be significantly more affected than those that only run it on one or two servers.

Based on the information released to date it appears that the breach of Kayesaq was an orchestrated attack against a subset of Kaseya VSA clients who manage IT service providers (MSPs). 

“The evidence we have does not indicate that Kaseya's software update infrastructure has been compromised. That does mean that, while we have seen limited impact across our customer base, there may be larger clusters of victims elsewhere based on use of common MSPs.” Securworks say.

Experts believe the attack was deliberately timed to coincide with the 4 July holiday weekend, when fewer IT staff are traditionally on duty.Such cyber attacks typically infiltrate widely used software and spread malware as it updates automatically.

SecureWorks:         Economic Times:      Technology Inquirer:      Sky:    ABS-CBN:    The Record:   Satnam Narang:

You Might Also Read:

Ransomware Attack Protection:

 

« Technical Debt Is A Serious Threat To Innovation
Swedish Supermarkets Closed Down By US Ransomware Attack »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

National Agency for Information & Communication Technologies (ANTIC) - Cameroon

National Agency for Information & Communication Technologies (ANTIC) - Cameroon

ANTIC is responsible for regulating the activities of electronic security and regulation of the Internet in Cameroon.

Virsec Systems

Virsec Systems

Virsec detects and remediates previously “indefensible” advanced memory-based attacks on critical applications and server endpoints.

FinCom.co

FinCom.co

FinCom.Co is the world’s first automatic AML/ KYC screening system, for comprehensive compliance.

IP Twins

IP Twins

IP Twins offer a wide range of services related to domain names and online brand protection.

Infosec Global

Infosec Global

Infosec Global provides technology innovation, thought leadership and expertise in cryptographic life-cycle management.

Software Diversified Services (SDS)

Software Diversified Services (SDS)

SDS provides the highest quality mainframe software and award-winning, expert service with an emphasis on security, encryption, monitoring, and data compression.

Quintillion Consulting

Quintillion Consulting

Quintillion Consulting is a strategic risk based consulting firm. We help companies safeguard the core business and IT capabilities that deliver competitive advantage.

Hyperwise Ventures

Hyperwise Ventures

Hyperwise Ventures lead seed investments in startups in the cyber security and enterprise software spaces.

StoneLock

StoneLock

StoneLock is a trusted leader in the design and manufacture of facial recognition software and technology.

Institute for Security and Technology (IST)

Institute for Security and Technology (IST)

The Institute for Security and Technology's goal is to provide the tools and insights needed for companies and governments to outpace emerging global security threats.

Nitrokey

Nitrokey

Nitrokey is the world-leading company in open source security hardware. Nitrokey develops IT security hardware for data encryption, key management and user authentication.

Tromzo

Tromzo

Tromzo's mission is to eliminate the friction between developers and security so you can scale your application security program.

Tonex

Tonex

Tonex providing industry-leading technology training, courses, seminars, workshops, and consulting services to companies and government organizations around the world.

PyNet Labs

PyNet Labs

PyNet Labs is a Training Company serving corporates as well as individuals across the world with ever-changing IT and technology training.

CentriVault

CentriVault

CentriVault is a leading independent provider of Cyber Security and Data protection services to small and medium enterprises (SMEs).

Longbow Security

Longbow Security

Longbow automates root cause for your application and cloud risks, enabling teams with intelligent remediation actions that reduce the most risk with the least effort.