Hackers demand $70M ransom
Thousands of US business affected
A hacking group that experts said was behind the sprawling ransomware attack that hit hours before the beginning of the July Fourth holiday weekend is demanding $70 million to unlock the thousands of businesses affected by the hack.
REvil, the same Russian language group behind the attack on meat processor JBS, posted the demand on a dark website associated with the group.
The group wants the funds in bitcoin, a popular cryptocurrency, and said that, if it receives the money, it will publish a “decryptor key,” or a computer code that will unlock the victims’ files.
The massive attack was carried out through software that helps businesses manage their computer systems, made by Miami-based firm Kaseya. Kaseya sells its tool to many large managed service providers, who in turn help small and midsize businesses monitor and control their computer networks.
Kaseya admitted this weekend it had been a victim of a “sophisticated cyberattack.” In an interview with the Associated Press, Kaseya CEO Fred Voccola estimated the number of affected companies to be in the low thousands, almost all of them small businesses.
Already, the ransomware attack has temporarily shut down hundreds of Coop Sweden grocery stores because the cash registers were locked up. In New Zealand, nine schools were affected in some ways, forcing some students to shut down their computers, according to the New Zealand Herald. ESET Research said on Twitter it had so far identified victims in 17 countries.
The full scope of the attack likely won’t be known for quite some time — especially as many workers are still off for the holiday weekend in the United States. Researchers say hackers often plan their attacks for holidays to take advantage of fewer eyes on computer systems.
REvil’s request for a joint ransom is likely an acknowledgment that the hacking group wants to end the attack quickly, said Allan Liska, a researcher with the cybersecurity firm Recorded Future.
“To me, that’s a sign that they realize that this is a bigger problem than they originally thought,” Liska said. “But I think, behind the scenes, this is a lot more than they probably anticipated.”
The FBI said it is investigating the attack and encouraged victims to report the effects to the agency.
“Due to the potential scale of this incident, the FBI and CISA may be unable to respond to each victim individually, but all information we receive will be useful in countering this threat,” the agency wrote in a public notice Sunday.
Anne Neuberger, deputy national security adviser for cyber and emerging technology, said in a statement Sunday that President Joe Biden had “directed the full resources” of the government to investigate the attack.
The attack comes just weeks after Biden met with Russian President Vladimir Putin and discussed starting consultations on addressing cyber attacks. Biden said Saturday in comments to press that the initial thinking was that the Russian government was not involved, but that the government was still looking into it.