REvil ransomware criminals demand US$70m for ‘universal decryptor’
Russian hacker group REvil is demanding $70 million in bitcoin from victims of the supply chain attack it carried out Friday night. If the victims cough up that amount, the organization will provide a universal decryption key or decryptor that gives the affected companies access to their IT systems and data again. Thousands of companies worldwide have been affected by the attack.
REvil published the demand on its site, which can be found on the dark web. Twitter user DarkTracer reported this.
REvil hits hundreds of companies in supply chain attack
On Friday evening Dutch time, hacker collective REvil carried out a so-called supply chain attack. They were able to penetrate the corporate network of Kaseya, a major player in business IT application management software. Thousands of companies and organizations worldwide use Kaseya’s VSA program. By building a backdoor into the software, the hackers were able to hit an unprecedented number of victims unnoticed.
Dutch companies are also among the victims. Henny de Haas, director of technical service provider Hoppenbrouwers from Udenhout, told the Algemeen Dagblad last weekend that his company is doing everything it can to serve its customers. IT company VelzArt says it was also hit by the Russian hackers. There, too, they work with all their might to get their customers’ servers up and running again.
Z-CERT, the Computer Emergency Response Team for the healthcare sector, says on its site that it has currently not received any signals that Dutch healthcare institutions have been affected by the supply chain attack. Unfortunately, this does not apply to supermarket chain Coop in Sweden. Because the cash register system no longer worked, hundreds of branches were forced to close their doors.
Hackers are asking $70 million for a universal decryptor
REvil is making itself heard for the first time since the start of the supply chain attack. The hacker group has posted a short message on its website on the dark web. In it, the group claims that “more than one million systems” have been affected by its attack.
“If anyone wants to negotiate a universal decryptor, our price is $70 million in bitcoin. Then we publish a universal decryption key, which releases all files of our victims. Everyone can then recover from the attack within an hour. Are you interested in a deal? Please contact us using the instructions in the readme file,” write the Russian hackers.
Maasland: ‘Hackers worked smart’
Dave Maasland, director of cybersecurity company ESET, tells NOS that REvil is “the most professional gang when it comes to ransomware.” He doubts whether the number of one million affected computer systems is correct. According to him, there were about 2,000 servers using Kaseya’s VSA software. It is clear to him that this is the largest ransomware attack he has ever seen.
Maasland says that REvil’s hackers have been smart. “To enter the companies, they looked at which ‘toolbox’ the affected IT companies use, which software to perform remote maintenance.” As a result, the attackers managed to paralyze hundreds of companies worldwide in a short time. According to the security specialist, there is little that victims can do against these types of attacks.