Suspected Ransomware Group Demands $70 Million.

5 July 2021: Hackers suspected of being behind a massive ransomware attack have made a demand of $70 million in cryptocurrency in exchange for unlocking all of the affected systems.

The demand appeared Sunday on a dark web site used by the Russia-linked REvil gang.

The cyberattack Friday hit the systems of hundreds of companies and public agencies across the world.

It involved a breach of the Miami-based software company Kaseya, which called the attack “sophisticated.”

Kaseya said in a statement it had a detection tool available for customers to see if their systems were infiltrated, and that it hoped to begin bringing its data centers back online by the end of Monday.

The FBI said REvil was responsible for a late May ransomware attack that shut down the operations of JBS, the world’s largest meat processing company.

U.S. President Joe Biden on Saturday referred to his meeting with Russian President Vladimir Putin last month, suggesting the United States would hold Russia responsible if it were linked to the attack.

“If it is, either with the knowledge of and/or a consequence of Russia, then I told Putin we will respond,” Biden told reporters. 

‘Tip of the iceberg’

Some experts said the timing of the attack, on the Friday before a long US holiday weekend, was aimed at spreading it as quickly as possible while employees were away from the job.

“What we are seeing now in terms of victims is likely just the tip of the iceberg,” said Adam Meyers, senior vice president of security company CrowdStrike.

President Joe Biden said on Saturday he has directed US intelligence agencies to investigate who was behind the attack.

According to Coop, one of Sweden’s biggest grocery chains, a tool used to remotely update its checkout tills was affected by the attack, so payments could not be taken.

“We have been troubleshooting and restoring all night, but have communicated that we will need to keep the stores closed today,” Coop spokesperson Therese Knapp told Swedish Television.

The Swedish news agency TT said Kaseya technology was used by the Swedish company Visma Esscom, which manages servers and devices for a number of Swedish businesses.

State railway services and a pharmacy chain also suffered disruption.

This report includes information from the Associated Press and Reuters.
