Gangsters behind a giant cyberattack demand $70 million in Bitcoin

Ransomware illustration

The gang behind the “huge” ransomware attack has demanded $70 million (£50.5 million) in Bitcoin in exchange for a “universal decryption feature” that it says will unlock the files of all victims.

The REvil group claims that its malware, which initially targeted Kaseya, a US IT company, has hit a million “systems.”

This number has not been confirmed and the exact total number of victims is unknown.

However, they include 500 Swedish Co-op supermarkets and 11 schools in New Zealand.

Two Dutch IT companies have also been hit, according to local media coverage.

Count the victims

On Friday, cybersecurity firm Huntress Labs estimated that about 200 companies were affected.

The “supply chain” attack initially targeted Kaseya before spreading through corporate networks that use its software.

Kaseya said fewer than 40 of its customers were affected.

However, because Kaseya provides software to managed service providers, which themselves provide outsourced IT services to other companies, the number of victims could be much higher.

And the number of individual computer systems within those victim organizations can be even higher.

Kaseya CEO Fred Voccola told The Associated Press that the number of victims is probably in the thousands, made up of small organizations such as dental clinics and libraries.

Analysis box by cyber reporter Joe Tidy

For hundreds, and perhaps thousands, of IT teams around the world, this ransomware attack has been a horrifying headache that continues to grow.

But the way the cybersecurity world has come together to reduce the impact of attacks has been amazing.

Cyber defenders in both the private and public sectors have been issuing alerts, while experts look for the best way to free the victims.

Without that busy and stressful weekend of work, there could have been far more casualties.

However, the secret digital doorway into Kaseya's systems that the REvil hackers used was known before the attack.

Researchers at the Dutch Institute for Vulnerability Disclosure discovered the problem and were helping Kaseya close the hole before the hackers discovered it.

It is an example of good hackers racing to stop bad hackers from breaking in, and as the institute states: “Unfortunately, we were beaten by REvil in the final sprint.”

This case shows how skilled, tenacious, and determined these criminals are, and that, despite all its efforts, the cybersecurity world is losing the race against ransomware.

“The scale and sophistication of this global crime is rare, if not unprecedented,” Professor Ciaran Martin, founder of the National Cyber Security Centre, told Radio 4's Today program.

Most of REvil’s members are believed to be based in Russia or a country that was formerly part of the Soviet Union.

Professor Martin criticized Russia for providing a safe environment for ransomware hackers, but said the West has made it too easy for these gangs to get paid: “Of course, they're back for more.”

Bitcoin illustration

Traceable bitcoin

Experts have expressed surprise at the group’s request that ransoms should be paid in Bitcoin, as opposed to difficult-to-track cryptocurrencies such as Monero.

On Twitter, Professor Martin called REvil’s decision to require payment in Bitcoin “strange.”

Earlier this month, the US Department of Justice announced that it had tracked and seized millions of dollars worth of Bitcoin paid to the DarkSide ransomware group responsible for shutting down the Colonial oil pipeline.

“Chasing money is one of the most basic yet powerful tools we have,” said Deputy Attorney General Lisa O. Monaco.

Tom Robinson, founder and chief scientist at Elliptic, which analyzes Bitcoin payments, told the BBC that, despite the $70 million demand to unlock everything, REvil continued to negotiate individually with customers over smaller ransoms of about $200,000.

He said REvil preferred to use Monero, but for practical and regulatory reasons it would be difficult to buy $70 million of the currency.

But he said, “more and more ransomware operators are looking for Monero.”
