Thursday, August 5, 2021

REvil ransomware asks for $70 million to decrypt all victims of Kaseya attack


REvil ransomware has set a price tag to decrypt all systems locked during the Kaseya supply chain attack. The gang wants $70 million in Bitcoin for the tool that allows all affected companies to recover their files.

Friday’s attack spread through Kaseya VSA, the cloud-based solution used by managed service providers (MSPs) to monitor customer systems and for patch management.

Customers of multiple MSPs have been affected by the attack, with REvil ransomware encrypting the networks of at least 1,000 companies worldwide.

In a post on their leak site, the threat actor says that they have locked more than a million systems and are willing to negotiate for a universal decryptor, starting at $70 million.

REvil asks for $70 million for a universal decryptor in the Kaseya supply chain attack

This is the largest ransom demand to date; the previous record also belongs to REvil, which asked for $50 million after attacking Taiwanese computer and electronics maker Acer.

Previously, REvil ransomware asked MSPs for $5 million for a decryption tool and a $44,999 ransom from their customers.

However, the gang used multiple extensions when encrypting the files, and the $44,999 demand was for unlocking files with the same extension, as negotiations with the victims show.

Ransom negotiation with a victim

For victims whose files were locked with multiple extensions after the REvil ransomware encryption, the gang’s demand can be as high as $500,000, BleepingComputer found.

REvil was able to carry out this massive attack by exploiting a zero-day vulnerability in the Kaseya VSA server that had been privately reported and was in the process of being fixed.

It turns out that researchers from the Dutch Institute for Vulnerability Disclosure (DIVD) reported the bug and Kaseya had created a patch that was being validated, the stage before delivering it to customers.

“In addition, partial patches were shared with us to validate their effectiveness. Throughout the process, Kaseya has shown that they were willing to put maximum effort and initiative in this case, both to fix this problem and to repair their customers” – Victor Gevers, DIVD chair

However, it appears that REvil hackers were also aware of the vulnerability and were able to exploit it before Kaseya released the patch to customers.

The full scope of this REvil ransomware attack remains unclear at this time, but the incident has drawn strong reactions from the police, with the FBI announcing that they are working with CISA during their investigation.

US President Biden also addressed the attack on Kaseya’s supply chain and ordered intelligence agencies to investigate the attack that affected hundreds of US companies.
