Hackers demand $70 million in Kaseya REvil ransomware attack


The Kaseya REvil ransomware attack is massive. The IT management software provider serves over 36,000 companies worldwide. And the attackers are demanding $70 million to provide the encryption key to restore data they hold for ransom.

As 2021 unfolds a series of high-profile ransomware attacks have posed a threat to governments, companies, and institutions like never before. It has been estimated that there have been 5,000 REvil ransomware attacks across 22 countries in the last few years.

The ransom demand for $70 million was posted to a dark-web blog that has been used by the Russian-linked REvil ransomware gang. The hackers also indicate they are open to some negotiation.

Signup for the USA Herald exclusive Newsletter

They are also suspected of the Memorial Day attack on JBS, the US meat processor. And the ransomware gang walked away with an 11 million dollar ransom.

Supply-chain attack

Hundreds of Kaseya’s client companies were directly hit by the supply-chain attack. The VSA software, which provides IT services to businesses, was used by hackers to infect the network.

All the victims were using a network management and remote control software developed by Kaseya, a U.S. technology firm that operates a global business.

On Friday, the file-encrypting ransomware hit hundreds of companies and institutions around the world. There were disruptions and some businesses were forced to close.

The Coop, one of Sweden’s largest grocery chains, was immediately impacted and forced to close 800 of its stores. And the schools in New Zealand were unable to open, according to a New York Times report.

Demi Ben-Ari, Co-Founder & CTO of Tel Aviv-based security management company Panorays said Saturday, that the supply-chain attack meant that “the viral distribution of this thing is going to be massive.”

“This is without a doubt going to turn out to be the biggest most destructive ransomware campaign that we’ve seen so far,” Dmitri Alperovitch, co-founder and former chief technology officer of cybersecurity firm Crowdstrike tweeted.

“Huge number of victims all over the world. Entire networks encrypted. No way to decrypt today without paying millions per network of any significant size.”

Kaseya posts updates of the ransomware attack on its website.

And the Biden White House issued a statement Sunday that “the full resources of the government to investigate this incident,” and urged businesses to adopt Ransomware Task Force recommendations released last month to strengthen their cyber defense.

The FBI asked US businesses to report any effects to their systems. But also warned that it may not be able to respond to each victim individually “due to the potential scale of this incident.”