
REvil gang demands $70 million to decrypt Kaseya attack victims


The REvil ransomware gang is demanding $70 million in Bitcoin for a tool to decrypt all systems locked during the Kaseya supply-chain attack.

The attack was propagated through Kaseya VSA, a cloud-based solution used by managed service providers (MSPs) to monitor customer systems and for patch management.

Customers of multiple MSPs were affected by the attack, and the REvil ransomware encrypted the networks of at least 1,000 businesses across the world.

The gang posted on their leak site that they locked more than a million systems and are willing to negotiate for a universal decryptor, starting from $70 million.

This is the highest ransom demand made so far by any gang. The previous record also belongs to REvil, which asked for $50 million after attacking Taiwanese electronics and computer maker Acer.

Earlier, REvil asked for $5 million from MSPs for a decryption tool and a $44,999 ransom from their customers.

But as the gang used multiple extensions when encrypting the files, the $44,999 demand was for unlocking files with the same extension.

For victims with locked files that have multiple extensions following the REvil ransomware encryption, the gang’s demand can be as high as $500,000.

REvil conducted this massive attack by exploiting a zero-day vulnerability in the Kaseya VSA server that had been reported privately and was in the process of being fixed.

Researchers from the Dutch Institute for Vulnerability Disclosure (DIVD) reported the bug, and Kaseya had already created a patch that was being validated before delivery to customers.

However, the REvil affiliates knew about the vulnerability and exploited it before Kaseya could release the patches.

At the moment, the full extent of this attack is not known, but the investigation is ongoing.

U.S. President Biden also addressed the Kaseya supply-chain attack, directing intelligence agencies to investigate the hack that affected hundreds of U.S. businesses.


Priyanka R
Cyber Security Enthusiast, Security Blogger, Technical Editor, Author at Cyber Safe News
