REvil admits to Kaseya attack and demands $70 million

The REvil ransomware group has claimed responsibility for the attack on Kaseya, which has hit more than 1,000 companies worldwide and prompted an investigation by U.S. intelligence agencies. The criminals are demanding a ransom of $70 million in Bitcoin in exchange for publicly releasing a universal decryptor that would unlock all affected computers.

According to The Record, REvil posted a message on its dark web blog acknowledging responsibility for the attack. The group, which had already been suspected as the culprit before it went public, also described the scale of the attack, claiming that more than one million systems have been infected. Kaseya reported the attack last Friday.

REvil, also known as Sodinokibi, is a notorious cybercrime group that uses ransomware to target big companies, including Apple and Acer. Most recently it hit JBS, the world’s largest meat processing company, which paid $11 million in Bitcoin to mitigate the impact of the attack and protect its data.

“On Friday (July 2, 2021), we launched an attack on MSP providers,” the REvil group stated, according to The Record, adding that more than one million systems were infected. “If someone wants to negotiate a universal decryptor, our price is $70 million in BTC, and we will publicly release the decryptor that decrypts all victims’ files, so that everyone can recover from the attack. If you are interested in this type of transaction, contact us using the instructions in the victims’ readme file.”

Kaseya spokesperson Dana Liedholm told Gizmodo on Monday that the FBI and other independent groups had stated with confidence that REvil carried out the attack, and that the company trusts those experts.

“Regarding the ransom, we will not comment on it because this is a criminal investigation, and we cannot at this time,” Liedholm said.

The Kaseya attack is a so-called software supply chain ransomware attack, in which threat actors infiltrate a software supplier’s network and insert malicious code into the software before the supplier ships it to its customers. The compromised software then affects the customers’ data or systems. The hackers behind the SolarWinds compromise used this type of attack to infiltrate major U.S. federal agencies and companies.

Kaseya, for its part, sells its products to managed service providers (MSPs), which provide remote IT services to hundreds of small businesses that lack the resources to handle these functions themselves. MSPs use Kaseya’s VSA platform to manage these companies’ systems, push software updates, and troubleshoot other problems.

In Kaseya’s case, preliminary reports state that REvil gained access to the company’s back-end infrastructure and used it to push a malicious update to the VSA servers running at customers’ sites. The malicious update then installed ransomware from the VSA server on all connected computers, The Record reports, which in turn spread the ransomware to the other companies managed through the VSA system. Nevertheless, the specific details of the attack remain uncertain, and the available information is still changing.

In its update on Monday at 1 p.m. Eastern Time, Kaseya stated that all on-premises VSA servers should remain offline until customers receive instructions from Kaseya on when operations can be safely resumed. On Sunday, Kaseya CEO Fred Voccola said the company knew how the attack occurred and was remediating it.

If Kaseya or any other affected company pays REvil the $70 million ransom, it would be the largest ransomware payment ever.
