Hackers demand $94m to liberate data held by companies hit in mass cyber attack: Blog

WASHINGTON  - The hackers alleged to be behind a mass ransomware attack that affected hundreds of companies worldwide late on Sunday (July 4) have demanded US$70 million (S$94 million) to restore the data.

The demand was posted on a site typically used by the REvil cybercrime gang, a Russia-linked group that is counted among the cyber-criminal world’s most prolific extortionists. 

The gang has an affiliate structure, occasionally making it difficult to determine who speaks on the hackers’ behalf, but Mr Allan Liska of cyber-security firm Recorded Future said the message “almost certainly” came from REvil’s core leadership. 

The group has not responded to an attempt by Reuters to reach it for comment. 

REvil’s ransomware attack, which the group executed on Friday, was among the most dramatic in a series of increasingly attention-grabbing hacks. 

The gang broke into Kaseya, a Miami-based information technology firm, and used their access to breach some of its clients’ clients, setting off a chain reaction that quickly paralysed the computers of hundreds of firms worldwide. 

Cyber-security experts swiftly blamed REvil for the attack.  Sunday’s statement was the group’s first public acknowledgement that it was behind it. 

An executive at Kaseya said the company was aware of the ransom demand but did not immediately return further messages seeking comment. 

Mr Liska said he believed the hackers had bitten off more than they could chew.  “For all of their big talk on their blog, I think this got way out of hand and is a lot bigger than they expected,” he said.

[[nid:531626]]

The White House said on Sunday it was reaching out to victims of the ransomware outbreak.

The full impact of the intrusion is still coming into focus, in part because the Kaseya software tool commandeered by the cyber criminals is used by so-called managed service providers, outsourcing shops that other businesses use to handle their back-office IT work, like installing updates.

One cyber-security executive said his company alone had seen 350 customers attacked.

The White House deputy national security adviser for cyber and emerging technology, Ms Anne Neuberger, said in a statement that the Federal Bureau of Investigation (FBI) and the Department of Homeland Security's cyber arm "will reach out to identified victims to provide assistance based upon an assessment of national risk".

United States President Joe Biden said on Saturday he directed US intelligence agencies to investigate who was behind the ransomware attack. Security firm Huntress Labs said on Friday it believed the Russia-linked REvil was to blame.

Last month, the FBI blamed the same group for paralysing meat packer JBS SA.