Hackers demand $70M in ransomware attack
Thousands of small businesses’ operations affected
A hacking group that experts said was behind the sprawling ransomware attack that hit hours before the beginning of the July Fourth holiday weekend is demanding $70 million to unlock the thousands of businesses affected by the hack.
Revil, the same Russian language group that was behind the attack on meat processor JBS, posted the demand on a dark website associated with the group.
The group wants the funds in bitcoin, a popular cryptocurrency, and said if it receives the money it will publish a “decryptor key,” or a computer code that will unlock the victims’ files.
The massive attack was carried out through software that helps businesses manage their computer systems, made by Miamibased firm Kaseya. Kaseya sells its tool to many large managed service providers, who in turn help small and midsize businesses monitor and control their computer networks.
Kaseya admitted it had been a victim of a “sophisticated cyberattack.” In an interview with the Associated Press, Kaseya CEO Fred Voccola estimated the number of affected companies to be in the low thousands, made up almost entirely of small businesses.
Already, the ransomware attack has temporarily shut down hundreds of Coop Sweden grocery stores because the cash registers were locked up. In New Zealand, nine schools were affected, forcing some students to shut down their computers, according to the New Zealand Herald. ESET Research said on Twitter it had identified victims in 17 countries so far.
The full scope of the attack likely won’t be known for quite some time — especially as many workers are still off for the holiday weekend in the United States. Researchers say hackers often plan their attacks for holidays to take advantage of fewer eyes on computer systems.
Revil’s request for a joint ransom is likely an acknowledgment that the hacking group wants to end the attack quickly, said Allan Liska, a researcher with the cybersecurity firm Recorded Future.
“To me that’s a sign that they realize that this is a bigger problem than they originally thought,” Liska said.
The FBI said it is investigating the attack, and encouraged victims to report the effects.
“Due to the potential scale of this incident, the FBI and CISA may be unable to respond to each victim individually, but all information we receive will be useful in countering this threat,” the agency wrote.
Anne Neuberger, deputy national security adviser for cyber and emerging technology, said in a statement Sunday that President Joe Biden had “directed the full resources” of the government to investigate the attack.