Ransomware hacking group REvil took down more than 200 US firms on 4th July. The Russia-based REvil gang is now demanding bitcoin worth $70 million in exchange for a decrypter for infected machines. According to reports, over 1 million machines are infected.
REvil targeted the software firm Kaseya. The group used a network management package to spread the ransomware through the cloud.
The group said: “We launched an attack on MSP Providers. More than a million systems were infected. If anyone wants to negotiate about universal decryptor – our price is 70,000,000$ in BTC and we will publish publicly decryptor that decrypts files of all victims.”
The group has an affiliate structure, which makes it difficult to tell who speaks on the hackers’ behalf. Allan Liska from cybersecurity firm Recorded Future said the message “almost certainly” came from REvil’s core leadership.
“On Friday, we launched an attack” on managed service providers, a post on the dark web site Happy Blog reads. “More than a million systems were infected.”
The gang, the Russia-connected REvil, has previously hacked JBS Holdings, the world’s largest meat supplier. The company paid an $11 million ransom following a May 30 attack against it by the same group. Possibly the second-biggest ransomware attack ever.
On Saturday, US President Joe Biden said that his government is unsure who was behind the attack but he “did not rule out Russian involvement.”
In May, REvil attacked the Colonial Pipeline and managed to get the company to pay $4.3 million, though the US Justice Department recovered $2.3 million of that.