Date: 2021-07-05

Hackers suspected to be behind the ransomware attack on American IT firm Kaseya have demanded US$70 million to restore the data they are holding, according to a posting on a dark website. The demand was posted on a blog typically used by the REvil cybercrime gang, a group of Russia-based hackers counted among the world’s most prolific extortionists. In the posting, REvil offered to release a global decryptor key in exchange for that amount.

Hackers claim a million systems

In the dark web posting, the REvil group also said their attack on MSP providers has claimed more than a “million” systems. Later, Forbes confirmed that the victims of the world’s biggest ransomware attacks were spread across at least 17 countries. An executive at Kaseya confirmed that the company was aware of the ransom demand but did not share further details.

The FBI has commenced a full-fledged investigation into the matter, joining the Cybersecurity and Infrastructure Security Agency and US federal agencies “to understand the scope of threat”. In addition, they have issued a warning to affected parties, asking them to apply all the required mitigation measures.

"If you believe your systems have been compromised, we encourage you to employ all recommended mitigations, follow Kaseya's guidance to shut down your VSA servers immediately and report to the FBI," the bureau said in a statement Sunday, referencing the signature networking software that was attacked. "Although the scale of this incident may make it so that we are unable to respond to each victim individually, all information we receive will be useful in countering this threat," the FBI statement said.

On July 2, the Miami-based IT and security provider was hit by a colossal cyberattack by a group of Russian hackers called ‘REvil’. The attack not only affected over 200 businesses across America but also hit over 800 grocery stores in Sweden, all of which were indirectly linked to Kaseya. US President Joe Biden ordered a probe into the attacks, particularly to find out if the hackers were affiliated with Russia. Additional reports suggest that the President recently raised the threat in talks with his Russian counterpart, Vladimir Putin.
