Hacker group “REvil” demands a ransom of 70 million US dollars in Bitcoin


“REvil” paralyzes thousands of computers with a gigantic ransomware attack. Now the hacker group is demanding $70 million in Bitcoin.

It is arguably one of the biggest ransomware attacks in history. On Friday, the US IT company Kaseya reported that hackers had infected its in-house service program VSA with ransomware. The system is used by numerous companies around the world to coordinate administrative tasks and updates on their own computers. The attackers paralyzed these functions with the ransomware attack. For example, they blocked accounting systems, which forced the Swedish supermarket chain Coop to temporarily close 800 branches. According to Kaseya, around 40 customers of the US company are affected. Because the infection spread like falling dominoes to external devices, the number of infected companies increased to 1,000. German companies are among them.

On Friday, however, there was no indication of who the perpetrators were. Now the hacker collective “REvil” has claimed the attack for itself in a blog post. In it, the attackers demand a ransom totaling 70 million US dollars in Bitcoin. The exact origin of the hackers is unclear, but some suspect Russia as the base of operations. One indication: so far, no attacks have been carried out against Russian-speaking companies. The involvement of the Russian government is also uncertain. US President Joe Biden said on Saturday during an appearance in the US state of Michigan:

The initial consideration was that it wasn’t the Russian government, but we’re not sure yet.

US President Joe Biden on the ransomware attack on Kaseya

As a result, the President tasked various national intelligence services with investigating.

REvil probably also responsible for the attack on the Colonial Pipeline

The hackers' last attack was not that long ago. Two ransomware attacks caused a stir at the end of May when REvil first paralyzed the IT systems of the Brazilian meat manufacturer JBS and then the largest gasoline pipeline in the USA with ransomware. In both cases, the cyber criminals demanded Bitcoin ransoms in the millions. JBS paid just under $11 million, while Colonial Pipeline was able to buy its way out for about $4.4 million. In the latter case, the FBI finally succeeded in seizing 63.7 Bitcoin.

Beyond these lucrative proceeds, the hacker group also offers its services for sale. REvil, for example, operates an affiliate program through which customers can make use of the cyber criminals' skills. The extortionists split the proceeds among themselves. It is therefore not always clear who the real masterminds are.

As Spiegel in turn reported, the security vulnerability at Kaseya has been known for some time. However, a corresponding patch has not yet been published. Accordingly, REvil had seized the opportunity and struck. It remains to be seen, however, whether the hackers can actually collect US$70 million. According to media reports, the hacking group is now said to have granted a “discount”. The new demand is therefore “only” 50 million US dollars.

Incidentally, cybersecurity is also the subject of this month's Cryptocompass. It covers the investigative methods law enforcement officers use on the internet and darknet, and how blockchain technology can help them.