The REvil cybercrime gang, which is suspected to be behind the massive ransomware attack on as many as 1,000 companies, has reportedly demanded a total of $70 million in ransom.
The Russia-linked group, which has been in the crosshairs of the US cybersecurity establishment, has demanded the payment in exchange for restoring the data it is holding for ransom. The demand was made in a blog post on a dark web site, on a page usually used by the REvil cybercrime gang.
Almost Certainly REvil
According to Allan Liska of cybersecurity firm Recorded Future, the message on the dark web site "almost certainly" came from REvil's core leadership, Reuters reported. The agency said it tried to get in touch with the group, but it did not respond.
The hack was first reported on Sunday, when it was revealed that some 200 companies were targeted by the breach of a software management tool from Kaseya that companies use worldwide.
However, in a chilling update on Sunday, it was revealed that as many as 1,000 US companies may have been targeted and compromised. According to cybersecurity firm Huntress Labs, the attack has affected some 1,000 companies. Kaseya's signature software was manipulated to encrypt data at more than 1,000 companies, the cybersecurity firm said.
According to John Hammond, a senior security researcher with Huntress, the current attack was the handiwork of REvil, a Russian-speaking criminal syndicate. "Based on everything we are seeing right now, we strongly believe this (is) REvil/Sodinokibi," Hammond said.
Kaseya Software Breached
REvil was blamed by the FBI in May for the ransomware attack on a Brazilian meat-packing conglomerate. The hack had disrupted meat processing and deliveries in the US, Canada and Australia.
The hackers breached Kaseya's software to compromise the data of the clients of many organizations. The attack played out in more than a dozen different countries.
The companies affected include schools, small public-sector bodies, travel and leisure organizations, credit unions and accountants, Ross McKerchar, chief information security officer at Sophos Group Plc, told Reuters.
President Joe Biden has ordered US intelligence agencies to investigate who carried out the attack.
Biden did not make any direct accusations but brought up the Russia angle while interacting with the press. He said the authorities were not certain who was behind the attack. "The initial thinking was it was not the Russian government but we're not sure yet," he said. He would rather leave it to the intelligence agencies to determine who was behind the attack, adding that action would be initiated if it was found that the Russians were behind it.
"If it is either with the knowledge of and/or a consequence of Russia then I told Putin we will respond," Biden said, drawing attention to summit talks with the Russian President in Geneva last month, in which Biden raised the issue of cyberattacks.