ITP Techblog

Brought to you by IT Professionals NZ

Hacking gang's US$70 million ransom demand

Peter Griffin, Contributor. 06 July 2021, 7:42 am

The REvil group behind what may be the largest worldwide ransomware attack to date has changed tack with its ransom demands, asking for payment of US$70 million in Bitcoin to release decryption tools to undo its handiwork.

Dozens of New Zealand kindergartens and schools were yesterday among the local organisations either hit by the ransomware attack, or taking their systems offline as a precaution given they were users of the Kaseya network security software that was hijacked to mount the attack.

REvil had apparently been making demands for payment of $45,000 in Bitcoin, with some reports of up to $5 million requested from larger organisations. But the sheer number of victims affected through the supply chain hack, which saw Kaseya's VSA software updates infiltrated with malware, seems to have overwhelmed the hackers.

Rather than dealing with hundreds or thousands of individual negotiations, they have suggested their victims instead crowdsource payment to end the lock on computers that is likely to ruin 4th of July celebrations for many victims in the US.

"More than a million systems were infected," the REvil group boasted in a post on its dark web blog.

"If anyone wants to negotiate about universal decryptor our price is $70 000 000$ in BTC and we will publish publicly decryptor [sic] that decrypts files of all victims, so everyone will be able to recover from attack in less than one hour," it added.


With most governments recommending that victims of ransomware don't pay up, it's unlikely that there will be any official coordinated effort to raise the $70 million required by the hackers to make the problem go away. That hasn't stopped some from seriously considering innovative ways to facilitate payment quickly in order to get affected businesses back online.


Kaseya has hired cybersecurity experts FireEye to investigate how its software was co-opted in the attack and said it planned to "bring our SaaS data centers back online on a one-by-one basis starting with our E.U., U.K., and Asia-Pacific data centers followed by our North American data centers".

On-premises VSA servers would require a patch to be installed before restarting, with Kaseya planning the update for release on July 5 US time. 

If you want to know more about how Kaseya unwittingly became a vector for a ransomware blitz and what it means for New Zealand businesses, Stuff has a good backgrounder.
