$70m Ransom Demand To Restore Hacked Data

Hackers who claim to be behind a mass ransomware attack that has affected hundreds of companies are now demanding $70m in Bitcoin to restore an organisation’s data. The demand was posted on a Reddit forum  typically used by the REvil cyber crime gang, thought to be a Russian group that is both  prolific and expert at ransomware-driven extortion.

The attack came to light on July 4th and has affected over 200 companies in the United States and other countries have been attacked as well. The gang broke into Kaseya, a Miami-based IT software firm and used their access to breach at least some of its clients networks, setting off a chain reaction that quickly paralysed the computers of hundreds of firms worldwide.

REvil has even posted its statement on twitter saying “we launched an attack on MSP providers. More than a million systems were infected…our price is 70 million$ in BTC”.This is the group's first public acknowledgement that it was behind the attacks. The group is understood to has a loose affiliate structure, making it difficult to determine who speaks on the hackers' behalf. 

Downplaying the impact,  spokesperson for Dell's threat intelligence unit Secureworks commented “We are not seeing significant impact across our customer base. Less than ten organisations appear to have been affected, and the impact appears to have been restricted to systems running the Kaseya software... We have not seen evidence of the threat actors attempting to move laterally or propagate the ransomware through compromised networks. That means that organisations with wide Kaseya VSA deployments are likely to be significantly more affected than those that only run it on one or two servers.

Based on the information released to date it appears that the breach of Kayesaq was an orchestrated attack against a subset of Kaseya VSA clients who manage IT service providers (MSPs). 

“The evidence we have does not indicate that Kaseya's software update infrastructure has been compromised. That does mean that, while we have seen limited impact across our customer base, there may be larger clusters of victims elsewhere based on use of common MSPs.” Securworks say.

Experts believe the attack was deliberately timed to coincide with the 4 July holiday weekend, when fewer IT staff are traditionally on duty.Such cyber attacks typically infiltrate widely used software and spread malware as it updates automatically.

SecureWorks:         Economic Times:      Technology Inquirer:      Sky:    ABS-CBN:    The Record:   Satnam Narang:

You Might Also Read:

Ransomware Attack Protection:

 

« Technical Debt Is A Serious Threat To Innovation
Swedish Supermarkets Closed Down By US Ransomware Attack »

ManageEngine
CyberSecurity Jobsite
Check Point

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Okta

Okta

Okta is an enterprise-grade identity management service, built from the ground up in the cloud to address the challenges of a cloud-mobile-interconnected world.

DeviceLock

DeviceLock

DeviceLock is a leading provider of endpoint device/port control and data leak prevention software.

Cyberbit

Cyberbit

Cyberbit empowers cybersecurity teams to be fully prepared with a product portfolio ready to detect and respond effectively across both IT and OT networks.

Medigate

Medigate

Medigate is a dedicated medical device security platform protecting all of the connected medical devices on health care provider networks.

CERT Tonga

CERT Tonga

CERT Tonga is the national Computer Emergency Response Team for Tonga.

KOVRR

KOVRR

Kovrr financially quantifies cyber risk on demand. Our technology enables decision makers to seamlessly drive actionable cyber risk management decisions.

ARCON

ARCON

ARCON offers a proprietary unified governance framework, which addresses risk across various technology platforms.

Cutting Edge Technologies (CE Tech)

Cutting Edge Technologies (CE Tech)

CE Tech is a Next Generation Technology Partner providing advanced technology infrastructure solutions through partnerships with leading technology providers.

Sprint Networks

Sprint Networks

Sprint Networks is a trusted compliance and risk program advisor which deliver cost-effective technology to reduce enterprise-wide risk.

Protek International

Protek International

Protek International delivers world-class Digital Forensics, eDiscovery, Cyber Security, and related Advisory services.

TryHackMe

TryHackMe

TryHackMe is an online platform that teaches cyber security through short, gamified real-world labs. We have content for both complete beginners and seasoned hackers.

Mage Data

Mage Data

Mage (formerly Mentis Software) is a leading solutions provider for data security and data privacy software for global enterprises.

Royal United Services Institute (RUSI)

Royal United Services Institute (RUSI)

The Royal United Services Institute is an independent think tank engaged in cutting edge defence and security research. Areas of research include cyber security and resilience.

Washington Technology Solutions (WaTech)

Washington Technology Solutions (WaTech)

WaTech operates the state’s core technology infrastructure – the central network and data center, provides strategic direction for cybersecurity and protects state networks from growing cyber threats.

TeamT5

TeamT5

TeamT5 Inc. is a leading cybersecurity company dedicated to cyber threat research and solutions.

CSIRT-Gnd

CSIRT-Gnd

CSIRT-Gnd provides 24x7 Computer Security Incident Response Services to citizens, companies and government agencies in Grenada.