Russian-speaking Hackers Claim Major Ransomware Attack That Affected Hundreds of US Companies
Hackers claiming to be behind a massive ransomware attack that affected hundreds of businesses have asked for $70 million in bitcoin to restore the data.
The attack was carried out on Friday and affects at least 200 companies in the United States.
A ransom note was posted on Sunday on a blog typically used by the REvil gang, a large Russian-speaking ransomware syndicate.
The group said, “We launched an attack on MSP providers. More than a million systems have been infected. If someone wants to negotiate a universal decryptor – our price is $70,000,000 in BTC and we will make the decryptor public.”
The group has an affiliate structure, making it difficult to determine who is speaking on behalf of the hackers, but Allan Liska of cybersecurity firm Recorded Future said the news was “almost certainly” from the core leadership of REvil.
The ransomware attack was one of the most dramatic in a series of increasingly attention-getting hacks.
The gang broke into Kaseya, a Miami-based information technology company, and used that access to breach some of its customers’ customers, creating a chain reaction that quickly paralyzed the computers of hundreds of companies around the world.
Cybersecurity experts blamed REvil for the attack, but the statement released on Sunday was the group’s first public acknowledgment that it was behind it.
Mr Liska said he believed the hackers bit off more than they could chew.
“With all of their big speeches on their blog, I think this has gotten out of hand and is a lot bigger than they expected,” he said.
US President Joe Biden said Saturday his administration was not sure who was behind the attack, but he did not rule out Russian participation.
Experts assume that the attack was deliberately timed for the July 4th holiday weekend, when traditionally fewer IT employees are on duty.
Such cyberattacks typically infiltrate widely used software and spread malware through its automatic updates.
It’s not yet clear how many Kaseya customers could be affected or who they could be, but the company has hired cybersecurity firm FireEye to help cope with the fallout.