According to a post on a dark web site, hackers accused of extorting hundreds of companies around the world demanded $70 million in ransom late Sunday night to restore the victims’ data.
The request was made on a blog used by the REvil cybercrime group, which is linked to Russia and considered one of the most prolific extortionists in cybercrime.
It is sometimes difficult to identify who is speaking on behalf of the hackers because the gang has an affiliate structure. However, Allan Liska of cybersecurity firm Recorded Future said that the message was “almost certain” to have come from REvil’s core leadership.
Reuters attempted to reach the group but it did not respond.
The ransomware attack by REvil on Friday was one of the most attention-grabbing in a series of attacks.
The gang broke into Kaseya, a Miami-based information technology company, and used that access against some of its clients. This set off a chain reaction that paralyzed hundreds of other companies worldwide.
A Kaseya executive stated that the company was aware of the ransom demand, but did not immediately respond to messages seeking comment.
According to ESET’s research (https://www.welivesecurity.com/2021/07/03/kaseya-supply-chain-attack-what-we-know-so-far), about a dozen countries were affected.
At least one instance of disruption was reported in the media. Coop, a Swedish grocery chain, had to close hundreds of stores on Saturday after its cash registers were damaged during the attack.
The White House stated earlier on Sunday that it would reach out to victims of the outbreak “to provide assistance, based upon an evaluation of national risk.”
The intrusion’s impact is still being felt.
Ross McKerchar, chief information security officer at Sophos Group Plc, stated that schools, small public-sector organizations, travel and leisure organizations, credit unions, and accountants were among those affected.
McKerchar’s company was among those that had previously blamed REvil (https://news.sophos.com/en-us/2021/07/04/independence-day-revil-uses-supply-chain-exploit-to-attack-hundreds-of-businesses). However, Sunday’s statement was the group’s first public acknowledgement of its involvement in the attack.
Ransom-seeking hackers tend to prefer more targeted attacks against high-value targets such as Brazilian meatpacker JBS. JBS’ production was disrupted when REvil attacked its systems last month. JBS claimed it paid $11 million to the hackers (https://jbsfoodsgroup.com/articles/jbs-usa-cyberattack-media-statement-june-9).
Liska stated that he believed the hackers had bitten off more than they could chew by scrambling data from hundreds of companies at once, and that the $70 million demand was an attempt to make the most of an awkward situation.
He said, “For all their big talk about their blog, I believe this got out of control.”