WASHINGTON, July 5 (Reuters) – Hackers suspected of being behind a massive extortion attack that hit hundreds of businesses around the world demanded $70 million on Sunday evening to restore the data they are holding for ransom, according to a post on a dark web site.
The request was posted on a blog typically used by cybercrime gang REvil, a Russian-linked group that is among the most prolific extortionists in the cybercrime world.
The gang has an affiliate structure, which at times makes it difficult to determine who is speaking on behalf of the hackers, but Allan Liska of cybersecurity firm Recorded Future said the message “almost certainly” came from REvil’s main management.
The group did not respond to an attempt by Reuters to reach it for comment.
The REvil ransomware attack, which the group carried out on Friday, was one of the most dramatic in a series of increasingly eye-catching hacks.
The gang broke into Kaseya, a Miami-based information technology company, and used its access to breach some of its clients’ clients, setting off a chain reaction that quickly crippled the computers of hundreds of businesses around the world.
A Kaseya executive said the company was aware of the ransom demand but did not immediately return further messages seeking comment.
A dozen different countries have been affected, according to a study published by cybersecurity firm ESET.
In at least one case, the disruption spilled over into the public domain when Swedish grocery chain Coop had to close hundreds of stores on Saturday because its cash registers were taken offline as a result of the attack.
Earlier Sunday, the White House said it was reaching out to victims of the outbreak “to provide assistance based on a national risk assessment.”
The impact of the intrusion is still being felt.
Those affected included schools, small public sector agencies, travel and leisure organizations, credit unions and accountants, said Ross McKerchar, chief information security officer at Sophos Group Plc (SOPH.L).
McKerchar’s company was one of many that blamed REvil for the attack, but Sunday’s statement was the group’s first public acknowledgment that it was behind the campaign.
Ransom-seeking hackers have tended to favor more targeted shakedowns against high-value single targets like the Brazilian meatpacker JBS (JBSS3.SA), whose production was halted last month when REvil attacked its systems. JBS said it ended up paying the hackers $11 million.
Liska said he believed the hackers bit off more than they could chew by scrambling the data of hundreds of companies at once and that the $70 million request was an effort to get the most out of a delicate situation.
“For all of their big blogging discussions, I think it got out of hand,” he said.
Reporting by Raphael Satter; Editing by Kim Coghill, Robert Birsel