Hackers who claim to be behind a mass ransomware attack that has affected hundreds of companies have demanded $70m in Bitcoin to restore the data.
The attack was executed on Friday and has affected at least 200 companies in the United States.
On Sunday, a ransom demand was posted on a blog typically used by the REvil gang, a major Russian-speaking ransomware syndicate.
The group said: “We launched an attack on MSP providers. More than a million systems were infected. If anyone wants to negotiate about universal decryptor – our price is 70 000 000$ in BTC and we will publish publicly decryptor.”
The group has an affiliate structure, making it difficult to determine who speaks on the hackers’ behalf, but Allan Liska from cybersecurity firm Recorded Future said the message “almost certainly” came from REvil’s core leadership.
The ransomware attack was among the most dramatic in a series of increasingly attention-grabbing hacks.
The gang broke into Kaseya, a Miami-based information technology firm, and used their access to breach some of its clients’ clients, setting off a chain reaction that quickly paralyzed the computers of hundreds of firms worldwide.
More on Cyberattacks
Hundreds of US companies hit by ‘devastating’ ransomware attack, cyber experts say
Air India: At least 4.5 million people’s data exposed following IT system hack
Cyber attack on US government: Biden accused Trump of failing on security
Cyber space will become ‘most contested domain’, warns UK security chief
Coronavirus: Cyber Security Centre handled record number of incidents over past year
Unit 74455: Russian hackers wanted by the FBI
Cybersecurity experts blamed REvil for the attack but the statement posted on Sunday was the group’s first public acknowledgement that it was behind it.
Looks like #REvil is asking for $70 million in $BTC to release the Kaseya decryptor publicly. pic.twitter.com/0m7YhCclqb
— Satnam Narang (@satnam) July 5, 2021
Mr Liska said he believed the hackers had bitten off more than they could chew.
“For all of their big talk on their blog, I think this got way out of hand and is a lot bigger than they expected,” he said.
US President Joe Biden said on Saturday that his government is not sure who was behind the attack but he did not rule out Russian involvement.
Experts believe the attack was deliberately timed to coincide with the 4 July holiday weekend, when fewer IT staff are traditionally on duty.
Such cyber attacks typically infiltrate widely used software and spread malware as it updates automatically.
It is not yet clear how many Kaseya customers might be affected or who they might be but the company has hired cybersecurity company FireEye to help deal with the fallout.
Subscribe to Into The Grey Zone podcast on Apple Podcasts, Spotify