Hacking Group Behind Kaseya Ransomware Attack Posts Staggering Ransom Demand
On July 4th, we reported that the developing Kaseya ransomware incident might be much worse than initially thought. While it is still unclear exactly how many victims and encrypted devices there are, it was apparent that this was certainly a wide-reaching international incident. We also noted that REvil, the Russian-backed hacking group, had not mentioned the situation on its blog, until now.
Late in the evening on July 4th, REvil made a blog post about its Kaseya attack after much speculation. The group explained that the attack launched on July 2nd has since encrypted “more than a million systems.” However, it seems that this ransomware event is being treated differently than most, as the group is selling a “universal decryptor” for all victims rather than demanding money from each organization it may have infiltrated. Astoundingly, the starting price for this universal tool is a whopping $70,000,000 in Bitcoin, or approximately 2049 coins at current market valuation.
Sadly, the group did not give any more details about the attack or its intentions going forward. However, it is speculated that this is more of a test than anything, after the Biden administration ramped up efforts against cybercrime. Similarly, organizations such as the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) are now specifically recommending that people do not pay any ransom. Whether this is feasible and reasonable for some companies and organizations in lieu of losing access to critical data remains to be seen, though.
Hopefully, it will not be long before we know more about this attack and its mitigations, outside of paying the ransom for companies who did not have proper backups and security. Furthermore, this serves as a harsh reminder that security incidents can happen to any person, company or organization, regardless of size; and thus, investment in cybersecurity is now more essential than ever.