1M ransomware attacks, hackers demand $70M

San Francisco: Russian cybercriminals behind the Kaseya supply chain ransomware attack have demanded a record $70 million to decrypt nearly one million affected devices.

Ireland-based Kaseya provides IT solutions, including VSA, a unified remote-monitoring and management tool for handling networks and endpoints.

The hackers belonging to REvil, a Russian-speaking group, have compromised Kaseya VSA which is used by Managed Service Providers to perform IT tasks remotely, the media reported on Tuesday.

The Federal Bureau of Investigation (FBI) last month attributed the attack on major American meat producer, JBS USA. to REvil. JBS USA confirmed that it paid an equivalent of $11 million in ransom in response to the criminal hack against its operations.

The Russian government had denied any involvement in cyberattacks like the JBS hack, calling these allegations “groundless”.

The same group has reportedly attacked IT firm Kaseya.

According to Kaseya, over 40,000 organisations worldwide use at least one Kaseya software solution. As a provider of technology to MSPs, which serve other companies, Kaseya is central to a wider software supply chain, reports ZDNet.

Kaseya CEO Fred Vocolla said in a statement over the last weekend that “only a very small percentage of our customers were affected — currently estimated at fewer than 40 worldwide.”

Sophos VP Ross McKerchar said in a statement that this is one of the “farthest reaching criminal ransomware attacks that Sophos has ever seen”.

In a July 5 update, Kaseya said that a fix was being developed and would first be deployed to SaaS environments.

REVil has now demanded $70 million for a universal decryption tool to end the Kaseya attack.

“More than a million systems were infected. If anyone wants to negotiate about universal decryptor our price is $70 000 000$ in BTC and we will publish a publicly decryptor that decrypts files of all victims, so everyone will be able to recover from attack in less than one hour,” claimed the hacker group.

The group is asking for $5 million for affected managed service providers and $44,999 for affected Kaseya customers, according to BleepingComputer.