Kaseya ransomware attack: Hackers demand $70 million ransom to restore data of affected companies, shows report
The hackers from the REvil gang made the demand in a blog, asking for $70 million in Bitcoin as ransom.
Hackers have demanded a ransom of $70 million in Bitcoin as ransom for restoring the data stolen by a ransomware attack on the US company Kaseya on Friday, which led to the closing of hundreds of Swedish supermarkets, according to news reports by agencies.
In a post on Happy Blog, a site on the dark web usually linked with the notorious Russian-based REvil cybercrime gang, the hackers claimed responsibility for the attack on Kaseya and also posted their demand for the ransom. They also said that upon receiving the $70 million in Bitcoin, they would post a decryption tool online with which “everyone will be able to recover from attack in less than an hour,” news agency AFP reported, citing the blog. HT has not individually verified the blog post.
Allan Liska of the cybersecurity firm said that the message “almost certainly” came from the core leadership of REvil as the affiliate structure of the gang makes it sometimes difficult to identify who communicates from the hackers’ side, according to a Reuters report.
Also read | Russian ransomware group strikes again, affects 800 stores in Sweden
What happened at Kaseya?
The network of Kaseya, a Miami-based Information Technology (IT) service provider, was breached by the hackers using which they accessed some of their clients’ clients. This was used to kick-off a chain reaction which then crippled many computers at hundreds of firms worldwide.
A company executive also said that they were aware of the demand for ransom without commenting further, Reuters reported without naming the executive.
Following the breach, Kaseya, on Sunday, said that the damage has been restricted to “a very small number of customers” using their VSA software in managing the network of computers and other resources such as printers from a single point. Also, it said that their servers were immediately shutdown on detecting the breach on Friday and warned its customers using VSA to do the same “to prevent them from being compromised,” according to news agency AFP. A tool to detect if the customers’ computers have been compromised was also released by the company.
Impact of the attack
More than 10 countries have been affected by the attack according to a report by the security researchers at ESET, an internet security company.
While much of the impact is yet to be uncovered, Swedish supermarket chain Coop was one of the high-profile customers impacted as a “majority” of their 800 stores still closed three days after the attack, the AFP reported. Kevin Bell, spokesperson for Coop, said that the situation was looking “positive compared to a few days ago” and the hack has paralysed the cash registers at the outlets. Also alternate payment methods have been used largely in those stores that had reopened after the attack, he further said.
(With inputs from agencies)
