The gang broke into Kaseya, a Miami-based information technology company, and used that access to breach some of its customers’ customers, creating a chain reaction that quickly paralyzed the computers of hundreds of companies around the world.
A Kaseya executive said the company was aware of the ransom note but did not immediately return any further messages asking for comment.
According to a study by cybersecurity company ESET, around a dozen different countries were affected.
In at least one case, the disruption became public when Swedish grocery chain Coop was forced to close hundreds of stores on Saturday because their registers went offline as a result of the attack.
On Sunday, the White House said it would reach out to victims of the outbreak “to provide assistance based on a national risk assessment”.
The impact of the break-in is still coming into focus.
Those affected included schools, small public institutions, travel and leisure organizations, credit unions and accountants, said Ross McKerchar, chief information security officer for Sophos Group.
Mr McKerchar’s company was one of several to blame REvil for the attack, but Sunday’s statement was the group’s first public acknowledgment that it was behind the campaign.
Ransom-seeking hackers tend to prefer more targeted shakedowns against single, high-value targets, such as Brazilian meat packer JBS, whose production was halted last month when REvil attacked its systems. JBS said it paid the hackers $11 million.
Mr Liska said he believed the hackers bit off more than they could chew by encrypting the data of hundreds of companies at once, and that the $70 million demand was an attempt to make the most of a difficult situation.
“With all of your big speeches on your blog, I think this has gotten out of hand,” he said.
The FBI said in a statement on Sunday (Monday AEST) that it is investigating the attack with the federal Cybersecurity and Infrastructure Security Agency, although “the scale of this incident could make it impossible for us to be able to target each victim individually to react”.
Deputy National Security Advisor Anne Neuberger later said President Joe Biden had “directed all government resources to investigate this incident,” and urged anyone who believed they were compromised to alert the FBI.
Mr Biden suggested over the weekend that the US would react if the Kremlin was found to be involved.
The attack comes less than a month after Mr Biden urged Russian President Vladimir Putin to no longer provide a safe haven to REvil and other ransomware gangs whose relentless extortionate attacks the US sees as a national security threat.
REvil has been active since April 2019 and offers ransomware-as-a-service, i.e. it develops the network-crippling software and rents it to so-called affiliates who infect targets and earn the lion’s share of the ransom money.
US officials say the most powerful ransomware gangs are based in Russia and allied states, operate with Kremlin tolerance and sometimes cooperate with Russian security services.
Cybersecurity expert Dmitri Alperovitch of the Silverado Policy Accelerator think tank said that while he does not believe the Kaseya attack was Kremlin-led, it shows that Mr Putin has “done nothing” to shut down cyber criminals.