Over this last weekend Kaseya, a company providing IT management software to businesses all over the world, was hit by a ransomware attack that cybersecurity firms claim was undertaken by an affiliate of the Russian cybercriminal group REvil. Now, the group has confirmed that it was entirely responsible for the attack, and is demanding an enormous ransom: $70 million.
REvil has demands, and they aren’t small
In a post on a dark web blog (ironically called ‘Happy Blog’), uncovered by The Record, REvil takes credit for the attack and claims that its total reach affects over a million systems worldwide, locking them down. It also makes its ransom demand for the decryption key.
It reads: “On Friday (02.07.2021) we launched an attack on MSP providers. More than a million systems were infected. If anyone wants to negotiate about universal decryptor – our price is 70 000 000$ in BTC and we will publish publicly decryptor that decrypts files of all victims, so everyone will be able to recover from attack in less than an hour. If you are interested in such deal – contact us using victims “readme” file instructions.”
Previous estimates pointed towards 70 of Kaseya’s Managed Service Providers (MSPs) being affected, and a further 350 businesses attacked by extension, with cybersecurity firm Sophos expecting the total number of victim systems to be much higher. While over a million systems may sound like a lot without context, it’s a believable number considering Kaseya’s extensive reach.
REvil has been causing chaos with several cyber attacks prior to this, but the Kaseya attack is by far the farthest reaching. It also demands the highest ransom.