Hackers demand $70 million to restore data held by companies hit in
cyberattack - blog
Send a link to a friend
 [July 05, 2021] By
Raphael Satter
WASHINGTON (Reuters) -Hackers suspected to
be behind a mass extortion attack that affected hundreds of companies
worldwide late on Sunday demanded $70 million to restore the data they
are holding ransom, according to a posting on a dark web site.
The demand was posted on a blog typically used by the REvil cybercrime
gang, a Russia-linked group that is counted among the cybercriminal
world's most prolific extortionists.
The gang has an affiliate structure, occasionally making it difficult to
determine who speaks on the hackers' behalf, but Allan Liska of
cybersecurity firm Recorded Future said the message "almost certainly"
came from REvil's core leadership.
The group has not responded to an attempt by Reuters to reach it for
comment.
REvil's ransomware attack, which the group executed on Friday, was among
the most dramatic in a series of increasingly attention-grabbing hacks.
The gang broke into Kaseya, a Miami-based information technology firm,
and used their access to breach some of its clients' clients, setting
off a chain reaction that quickly paralyzed the computers of hundreds of
firms worldwide.
An executive at Kaseya said the company was aware of the ransom demand
but did not immediately return further messages seeking comment.
About a dozen different countries were affected, according to research
published
https://www.welivesecurity.com/
2021/07/03/kaseya-supply-chain-attack-what-we-know-so-far by
cybersecurity firm ESET.
In at least one case, the disruption spilled out into the public domain
when Swedish Coop grocery store chain had to close hundreds of stores on
Saturday because its cash registers had been knocked offline as a
consequence of the attack.
[to top of second column] |
A man types on a computer keyboard in Warsaw in this February 28,
2013 illustration file picture. REUTERS/Kacper Pempel/File Photo
Earlier on Sunday, the White House said it was reaching out to victims of the
outbreak "to provide assistance based upon an assessment of national risk."
The impact of the intrusion is still coming into focus.
Those hit included schools, small public-sector bodies, travel and leisure
organizations, credit unions and accountants, said Ross McKerchar, chief
information security officer at Sophos Group Plc.
McKerchar's company was one of several that had blamed https://news.sophos.com/en-us/2021/07/04/independence-day-revil-uses-supply-chain-exploit-to-attack-hundreds-of-businesses
REvil for the attack, but Sunday's statement was the group's first public
acknowledgement that it was behind the campaign.
Ransom-seeking hackers have tended to favor more focused shakedowns against
single, high-value targets like Brazilian meatpacker JBS, whose production was
disrupted last month when REvil attacked its systems. JBS said it ended up
paying https://jbsfoodsgroup.com/articles/jbs-usa-cyberattack-media-statement-june-9
the hackers $11 million.
Liska said he believed the hackers had bitten off more than they could chew by
scrambling the data of hundreds of companies at a time and that the $70 million
demand was an effort to make the best of an awkward situation.
"For all of their big talk on their blog, I think this got way out of hand," he
said.
(Reporting by Raphael Satter; Editing by Kim Coghill, Robert Birsel)
[© 2021 Thomson Reuters. All rights
reserved.] Copyright 2021 Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed.
Thompson Reuters is solely responsible for this content. |
