Russian-speaking hackers claim major ransomware attack which has hit hundreds of US companies | Science & Tech News | Sky News
The REvil gang, a Russian-speaking ransomware syndicate, has demanded $70m to restore the data.
Amar Mehta
News reporter @Amarjournalist_
Monday 5 July 2021 09:20, UK
Image: The group have said they will release decryption information if their demands are met. File pic
Hackers who claim to be behind a mass ransomware attack that has affected hundreds of companies have demanded $70m in Bitcoin to restore the data.
The attack was executed on Friday and has affected at least 200 companies in the United States.
On Sunday, a ransom demand was posted on a blog typically used by the REvil gang, a major Russian-speaking ransomware syndicate.
Image: President Joe Biden had previously said he could not rule out Russian involvement in the attack
The group said: "We launched an attack on MSP providers. More than a million systems were infected. If anyone wants to negotiate about universal decryptor - our price is 70 000 000$ in BTC and we will publish publicly decryptor."
The group has an affiliate structure, making it difficult to determine who speaks on the hackers' behalf, but Allan Liska from cybersecurity firm Recorded Future said the message "almost certainly" came from REvil's core leadership.
The ransomware attack was among the most dramatic in a series of increasingly attention-grabbing hacks.
The gang broke into Kaseya, a Miami-based information technology firm, and used their access to breach some of its clients' clients, setting off a chain reaction that quickly paralyzed the computers of hundreds of firms worldwide.
Cybersecurity experts blamed REvil for the attack but the statement posted on Sunday was the group's first public acknowledgement that it was behind it.
Mr Liska said he believed the hackers had bitten off more than they could chew.
"For all of their big talk on their blog, I think this got way out of hand and is a lot bigger than they expected," he said.
US President Joe Biden said on Saturday that his government is not sure who was behind the attack but he did not rule out Russian involvement.
Experts believe the attack was deliberately timed to coincide with the 4 July holiday weekend, when fewer IT staff are traditionally on duty.
Such cyber attacks typically infiltrate widely used software and spread malware as it updates automatically.
It is not yet clear how many Kaseya customers might be affected or who they might be but the company has hired cybersecurity company FireEye to help deal with the fallout.