The REvil ransomware gang has claimed responsibility for the Kaseya attacks, which have affected over 1,000 companies around the world and prompted an investigation by U.S. intelligence agencies. The criminals demand a ransom of $70 million in bitcoin to publish a universal decryptor that would unlock all affected computers.
According to the Record, REvil, previously suspected of being behind the attack, posted a message accepting responsibility for it on its dark web blog. It claimed that over one million systems had been infected. Kaseya first reported the attack on Friday.
REvil, also known as Sodinokibi, is a cybercriminal gang that has used ransomware to target large companies like Apple and Acer. It recently attacked JBS, the largest meat processing company in the world. JBS paid $11 million in bitcoin to offset the fallout and protect its data.
We launched an attack against MSP providers on Friday, 02/07/2021. According to the Record, more than one million systems were infected by the REvil gang. We will publish publicly the decryptor of all victims' files if anyone is interested in a universal decryptor. This will allow everyone to recover from an attack within an hour. Contact us via the victims' readme file instructions if you are interested in such a deal.
Kaseya spokesperson Dana Liedholm told Gizmodo on Monday that the FBI and other independent groups had confirmed that REvil was responsible for the attack. The company is trusting these experts.
Liedholm stated that the company would not comment on the ransom, as it is a criminal investigation.
The Kaseya ransomware attack is what is known as a "software supply chain ransomware attack". In this type of attack, a cyber threat actor infiltrates a vendor's network and uses malicious code to compromise the vendor's software. The infected software can then damage customers' data and systems. This type of attack has been used by hackers to break into major U.S. corporations and federal agencies.
Kaseya sells its products to managed service providers (MSPs), which are companies that offer remote IT services to small businesses. MSPs use Kaseya's VSA cloud platform to manage and send software updates to these companies and to resolve other issues.
Initial reports in Kaseya's case state that REvil had access to the company's backend infrastructure and used it to send a malicious update to VSA servers on client premises. According to the Record, the malicious update installed ransomware on all computers connected to the VSA server. This spread ransomware to other companies connected to the VSA system. However, details about the attack remain ambiguous and new information is constantly being added.
An update posted Monday at 1 p.m. ET stated that on-premises VSA servers should remain offline until Kaseya gives customers instructions about when it is safe to resume operations. Fred Voccola, Kaseya CEO, stated that the company was aware of the incident and is working to remedy it.
If Kaseya or any other affected company were to pay REvil's $70 million ransom, it would be the largest ransomware payment.