Skip to main content

Hackers Demand $70 Million in Ransomware Attack Hitting 200+ Companies

Bitcoin
(Image credit: Shutterstock)

Hacker group REvil has demanded $70 million in Bitcoin in exchange for the decryption key used to prevent more than 200 companies from accessing critical files and information.

The group's latest ransomware campaign struck on July 2 when an IT management solutions provider called Kaseya said it was investigating an attack on its VSA remote software monitoring and management tool. The company estimated that 40 of its customers were affected, but many of those businesses had clients of their own.

A security firm called Huntress Labs initially estimated that at least 200 companies were affected by the ransomware campaign. At the time of writing, the company has upped that estimate to say that it could be more than 1,000 affected organizations around the world, which makes this one of the largest ransomware campaigns to date.

BleepingComputer reported that REvil claims its campaign affected more than 1 million devices. The good news? The group also claimed all of those devices "will be able to recover from attack in less than an hour" because their files were encrypted using the same key. The bad news is, well, they want $70 million for that key.

That's a record high ransom, BleepingComputer said, beating the $50 million REvil previously demanded from Acer. The group also requested $50 million from Quanta Computer in exchange for stolen files related to upcoming Apple products in April, but it mysteriously dropped that demand a day before it was supposed to be paid.

President Joe Biden said over Independence Day weekend that he ordered an investigation into this ransomware campaign to determine if the Russian government was involved. Kaseya said that it's been in touch with the FBI, the Cybersecurity and Infrastructure Security Agency, and other federal agencies.

  • Heat_Fan89
    Yeah, yeah, yeah, just blame it on the Russians. Good one politicians. It's all about the money but just think that our public grid is also on the internet.
    Reply
  • jkflipflop98
    When these jokers hit a company like Google or Microsoft that employs some of the best programmers in the world - I always imagine some nerd in a cubicle somewhere smirking and cracking his knuckles before putting on a master class in what a real coder looks like.
    Reply
  • USAFRet
    jkflipflop98 said:
    When these jokers hit a company like Google or Microsoft that employs some of the best programmers in the world - I always imagine some nerd in a cubicle somewhere smirking and cracking his knuckles before putting on a master class in what a real coder looks like.
    The problem there would be that these "not really real coders" let it happen in the first place.

    Sony:
    https://en.wikipedia.org/wiki/Sony_Pictures_hack
    Netflix:
    https://www.her.ie/business/netflix-has-been-hacked-heres-how-to-check-if-your-account-is-affected-268027
    Microsoft:
    https://www.forbes.com/sites/daveywinder/2020/01/22/microsoft-security-shocker-as-250-million-customer-records-exposed-online/?sh=26f06fe64d1b
    Mercedes:
    https://www.cnet.com/roadshow/news/mercedes-benz-data-breach-customer-information/
    Yahoo:
    https://en.wikipedia.org/wiki/Yahoo!_data_breaches
    Reply
  • theusual
    I think we need some public executions for these offenders as a deterrent.
    Reply
  • ThatMouse
    We say animals attack, but is it really the fault of the animal?
    Reply
  • gdmaclew
    USAFRet said:
    The problem there would be that these "not really real coders" let it happen in the first place.

    Sony:
    https://en.wikipedia.org/wiki/Sony_Pictures_hack
    Netflix:
    https://www.her.ie/business/netflix-has-been-hacked-heres-how-to-check-if-your-account-is-affected-268027
    Microsoft:
    https://www.forbes.com/sites/daveywinder/2020/01/22/microsoft-security-shocker-as-250-million-customer-records-exposed-online/?sh=26f06fe64d1b
    Mercedes:
    https://www.cnet.com/roadshow/news/mercedes-benz-data-breach-customer-information/
    Yahoo:
    https://en.wikipedia.org/wiki/Yahoo!_data_breaches
    I could not agree with you more.
    Before I retired I worked for a large Canadian government department (10,000 clients) and we were very strict when it came to Backups and Backups of Backups.
    That included online Backups and offline Backups.
    I hear a lot of complaints about public servants but our group was the most dedicated and computer savvy bunch of "old coders".
    Real "old coders". Going right back to Assembler days. And we knew our stuff.
    I have no idea why some of this stuff is online in the first place - so you can open a valve from your desk?
    The sooner these networks are hardened, the faster we can put these cowards out of business.
    Didn't the US invent the Internet? (DARPA)
    Reply
  • USAFRet
    gdmaclew said:
    I have no idea why some of this stuff is online in the first place - so you can open a valve from your desk?
    Its not that the control systems are directly accessible.

    Rather the monitoring is fed out to regular systems.
    Once that network goes down, the whole thing needs to be taken offline, until it can be recovered from a backup, or a full reinstall. Which is NOT trivial.
    Things need to be brought back online in a specific order.
    Assuming there exists a proper backup scenario, and detailed, tested checklist of how to restart.

    2-3 days of downtime while everything is restarted == potential millions of $$.

    The question is - How did this ransomware get into the network to begin with?
    It does NOT happen randomly or via a driveby...some idiot opened something he shouldn't, or brought some crap from home.
    Reply
  • gdmaclew
    I agree.
    Plus network administrators and software vendors are not doing their job by using checksums to verify their updates.
    How else does something like the SolarWinds breach get distributed?
    It's all about accountability and over the last 30 years I've seen the bar get lower and lower.
    If everyone was doing their jobs to the utmost these things wouldn't be happening.
    Reply
  • PCMan75
    Having been a Windows developer for many years - I became deeply disappointed with Microsoft recently. I can understand how a single client pc can get infected - but having malware escalate it's privileges to domain admin (from a regular user) - there must be huge design-level failures (in Windows software) for it to happen.
    Reply
  • PCMan75
    Also, having worked for a couple of large companies recently - there're Windows domains and Exchange - but there's no CIFS anywhere: not only there aren't any Windows files servers present, but SMB functionality is disabled on all client systems. Mostly, HTTP-based file storage is enabled: Box, SharePoint, etc.
    Reply