Cybercriminals Demand $70 Million In Massive Ransomware Attack
July 05, 2021
Suspected Russian-speaking cybercriminals behind what may be the
largest ransomware attack to date have demanded $70 million in
Bitcoin in exchange for a decryption tool as companies and
security experts continued to assess the extent of damage.
Cybersecurity experts believe thousands of victims in at least
17 countries may be impacted by the attack on U.S.-based firm
Kaseya, which provides information-technology (IT) services to
some 40,000 businesses around the world.
Fred Voccola, CEO of Kaseya, said only about 50-60 of the
company's customers were compromised. However, 70 percent were
so-called managed service providers who use the company's hacked
VSA software to manage multiple customers.
That means thousands of small and medium-sized businesses could
be impacted, Voccola said in an interview with the Associated
Press. Voccola declined to offer details of the breach except to
say that it was not phishing and that "the level of
sophistication here was extraordinary."
Cybersecurity experts say the REvil gang, a major
Russian-speaking ransomware syndicate, appears to be behind the
attack and it was no coincidence that it was launched at the
start of the U.S. Independence Day holiday weekend. Many victims
may not find out they have been hit until they reopen on July 5.
The FBI and the U.S. Cybersecurity and Infrastructure Security
Agency are investigating and have asked companies to report the
incidents but warned that "the scale of this incident may make
it so that we are unable to respond to each victim
President Joe Biden has directed U.S. intelligence agencies to
investigate, and Anne Neuberger, White House deputy
national-security adviser for cyber and emerging technology,
said in a statement that the FBI and the Department of Homeland
Security "will reach out to identified victims to provide
assistance based upon an assessment of national risk."
One of the companies affected is the Swedish grocery chain Coop.
It was forced to close most of its 800 stores because the attack
crippled its cash register software. A Swedish pharmacy chain,
gas station chain, the state railway, and public broadcaster SVT
were also hit.
In the case of Coop, it was impacted because its IT
subcontractor is linked to Kaseya.
Germany's federal cybersecurity watchdog said an unidentified IT
service provider that looks after several thousand customers had
been hit. Two big Dutch IT services companies also were among
Ransomware attacks are carried out by hackers who break into
networks and spread malicious computer code used to encrypt a
victim's digital data. The data are unusable until the targeted
company pays the ransom.
A post on Happy Blog, a site on the dark web previously
associated with REvil, claimed responsibility for the attack and
said it had infected "more than a million systems," a claim that
couldn't be verified.
Hackers said they would release a decryption tool to allow companies
to recover from the attack only if they were given $70 million.
The FBI believes that REvil was behind a ransomware attack in
May on meat-processing giant JBS. The Brazil-based company ended
up paying $11 million in Bitcoin to the hackers.
Another high-profile ransomware attack in May targeted Colonial
Pipeline, which temporarily closed the largest U.S. gas
pipeline. U.S. law enforcement authorities said they recovered
most of the ransom paid to another criminal group, DarkSide, in
the pipeline case.
In June, Biden pressed Russian President Vladimir Putin during
their summit in Geneva about ransomware gangs allegedly
operating with impunity in Russia. Biden said he also told Putin
that the United States would respond if an investigation
determines that the Russian government is behind an attack.