Russian Ransomware Group REvil Demands $70 Mln In Bitcoin From US Firms

Russia-based ransomware group REvil is reportedly demanding $70 million in bitcoin from 200 US firms in exchange for a decryptor to restore the networks that were hacked last week.

This is considered the largest ransom demand ever.

In an attack targeting software supplier Kaseya on Friday, REvil used the company's network-management package to spread the ransomware via the cloud; the attack is estimated to have infected more than 1 million computers.

“If anyone wants to negotiate about universal decryptor – our price is $70,000,000 BTC [Bitcoin] and we will publicly publish decryptor that decrypts files of all victims, so everyone will be able to recover from attack in less than an hour,” REvil wrote in a message posted on its dark web site Happy Blog on Sunday.

A universal decryptor would give victims an easier and faster path to recovery, which represents a major shift in the group's tactics.

Colonial Pipeline was forced to pay DarkSide $4.3 million after its operations and services were paralyzed in a major ransomware attack in May, sparking a fuel crisis in the United States.

President Joe Biden had ordered U.S. intelligence agencies to investigate the Kaseya ransomware attack, and warned Russia of consequences if it was behind the attack.

Cybersecurity professionals across the FBI, the Cybersecurity and Infrastructure Security Agency (CISA) and the intelligence community have been working around the clock to respond to the incident.

Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger urged those who believe their systems have been compromised in the Kaseya ransomware incident to immediately report to the Internet Crime Complaint Center at https://www.IC3.gov.

“The FBI and CISA will reach out to identified victims to provide assistance based upon an assessment of national risk,” Neuberger said in a statement. She also urged possible victims to follow the guidance from Kaseya, including shutting down their VSA servers and implementing CISA's and the FBI's mitigation techniques.
