The REvil ransomware gang has set a price for decrypting all systems locked during the Kaseya supply chain attack. The gang wants $70 million in Bitcoin for a tool that would allow all affected companies to recover their files.
Friday’s attack spread through Kaseya VSA, a cloud-based solution used by Managed Service Providers (MSPs) for monitoring customer systems and for patch management.
Customers of multiple MSPs have been affected by the attack, with REvil ransomware encrypting the networks of at least 1,000 companies worldwide.
In a post on their leak site, the threat actor says that they have locked more than a million systems and are willing to negotiate a universal decryptor, starting at $70 million.
This is the largest ransom demand to date. The previous record also belongs to REvil, which asked for $50 million after attacking Taiwanese computer and electronics maker Acer.
Previously, REvil asked MSPs for $5 million for a decryption tool and demanded a $44,999 ransom from their customers.
However, the gang used multiple extensions when encrypting the files, and the $44,999 demand was to unlock files with the same extension, as negotiations with the victims show.
For victims whose files were locked with multiple extensions by the REvil ransomware encryption, the gang’s demand can be as high as $500,000, BleepingComputer found.
REvil was able to carry out this massive attack by exploiting a zero-day vulnerability in the Kaseya VSA server that had been privately reported and was in the process of being fixed.
It turns out that researchers from the Dutch Institute for Vulnerability Disclosure (DIVD) reported the bug and Kaseya had created a patch that was being validated, the stage before delivering it to customers.
However, it appears that REvil hackers were also aware of the vulnerability and were able to exploit it before Kaseya released the patch to customers.
The full scope of this REvil ransomware attack remains unclear at this time, but the incident has drawn strong reactions from law enforcement, with the FBI announcing that it is working with CISA on the investigation.
US President Biden also addressed the Kaseya supply chain attack and ordered intelligence agencies to investigate the incident, which affected hundreds of US companies.