More than a thousand companies are affected by the cyberattack on the American software company Kaseya. REvil hackers are linked with Russia hacking group.
On July 2, Kaseya specialists recommended their customers to disable the software due to a possible attack, which was later confirmed. The company said that the hackers’ actions affected a small group of its customers, but the scale of the attack increased as the investigation progressed.
According to Bloomberg, hackers attacked eight companies providing IT support, and gained access to the networks of thousands of clients of these organizations.
“This is one of the most broadly impactful, non-nation state executed, attacks we have ever seen and it appears purely designed to extract money,” said Andrew Howard, chief executive officer of Switzerland-based Kudelski Security, a provider of managed cybersecurity services. “It is difficult to image a better way for an attacker to distribute malware than through trusted IT providers.”
Cybersecurity experts immediately assumed that the hacker group REvil was behind the attack. Later, Huntress Labs discovered on a darknet hacker site a ransom demand of $70 million in bitcoins for decrypting the files of all victims.
REvil has named its price. $70,000,000 USD in Bitcoin.
Attached image is directly from REvils website: pic.twitter.com/1kOxaKxraS
— vx-underground (@vxunderground) July 5, 2021
REvil (also known as Sodinokibi) is associated with the Russian Federation due to the fact that they do not attack Russian organizations or enterprises in the countries of the former USSR and often publish messages in Russian.
US President Joe Biden said he was not sure that the Russian authorities were involved in the attack on Kaseya. He also said that US intelligence agencies are investigating the incident.
Recall that in March, REvil encrypted the files of Acer and demanded to pay $50 million in Monero cryptocurrency, in April the group attacked the Apple.
In June, the world’s largest meat processing company, JBS, fell victim to REvil and paid hackers a ransom of $11 million in bitcoins.