$70m Ransom Demand To Restore Hacked Data

Hackers who claim to be behind a mass ransomware attack that has affected hundreds of companies are now demanding $70m in Bitcoin to restore an organisation’s data. The demand was posted on a Reddit forum  typically used by the REvil cyber crime gang, thought to be a Russian group that is both  prolific and expert at ransomware-driven extortion.

The attack came to light on July 4th and has affected over 200 companies in the United States and other countries have been attacked as well. The gang broke into Kaseya, a Miami-based IT software firm and used their access to breach at least some of its clients networks, setting off a chain reaction that quickly paralysed the computers of hundreds of firms worldwide.

REvil has even posted its statement on twitter saying “we launched an attack on MSP providers. More than a million systems were infected…our price is 70 million$ in BTC”.This is the group's first public acknowledgement that it was behind the attacks. The group is understood to has a loose affiliate structure, making it difficult to determine who speaks on the hackers' behalf. 

Downplaying the impact,  spokesperson for Dell's threat intelligence unit Secureworks commented “We are not seeing significant impact across our customer base. Less than ten organisations appear to have been affected, and the impact appears to have been restricted to systems running the Kaseya software... We have not seen evidence of the threat actors attempting to move laterally or propagate the ransomware through compromised networks. That means that organisations with wide Kaseya VSA deployments are likely to be significantly more affected than those that only run it on one or two servers.

Based on the information released to date it appears that the breach of Kayesaq was an orchestrated attack against a subset of Kaseya VSA clients who manage IT service providers (MSPs). 

“The evidence we have does not indicate that Kaseya's software update infrastructure has been compromised. That does mean that, while we have seen limited impact across our customer base, there may be larger clusters of victims elsewhere based on use of common MSPs.” Securworks say.

Experts believe the attack was deliberately timed to coincide with the 4 July holiday weekend, when fewer IT staff are traditionally on duty.Such cyber attacks typically infiltrate widely used software and spread malware as it updates automatically.

SecureWorks:         Economic Times:      Technology Inquirer:      Sky:    ABS-CBN:    The Record:   Satnam Narang:

You Might Also Read:

Ransomware Attack Protection:

 

« Technical Debt Is A Serious Threat To Innovation
Swedish Supermarkets Closed Down By US Ransomware Attack »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

CyberDefenses

CyberDefenses

CyberDefenses services combine best-in-class cybersecurity oversight, managed services and training to help our clients truly address their cybersecurity challenges.

Akin Gump Strauss Hauer & Feld

Akin Gump Strauss Hauer & Feld

Akin is a leading global law firm providing innovative legal services and business solutions to individuals and institutions. Practice areas include Cybersecurity, Privacy and Data Protection.

BackBox Software

BackBox Software

BackBox is a leading provider of solutions for automated backup and recovery software for security and network devices.

Secmentis

Secmentis

Secmentis is a cyber security consultancy specializing in penetration testing, threat intelligence, and proactive defense for your IT infrastructure.

Network Integrity Systems

Network Integrity Systems

Network Integrity Systems is a leader in network infrastructure security and offers solutions specifically developed for Government and Private Enterprise.

Center for Cyber Safety and Education

Center for Cyber Safety and Education

The Center for Cyber Safety and Education works to ensure that people across the globe have a positive and safe experience online through our educational programs, scholarships, and research.

Cancom

Cancom

CANCOM group is one of the leading providers of IT infrastructure and IT services in Germany and Austria. Solution areas include network security.

ITonlinelearning

ITonlinelearning

ITonlinelearning specialises in providing professional certification courses to help aspiring and seasoned IT professionals develop their careers.

Cyberspace Solarium Commission (CSC)

Cyberspace Solarium Commission (CSC)

The Cyberspace Solarium Commission was established to develop a consensus on a strategic approach to defending the United States in cyberspace against cyber attacks of significant consequences.

Towerwall

Towerwall

Towerwall offers a comprehensive suite of security services and solutions using best-of-breed tools and information security services.

Aware

Aware

Aware is the only comprehensive AI solution for governance, risk, compliance and insights for leading collaboration platforms.

Coviant Software

Coviant Software

Coviant Software delivers secure managed file transfer (MFT) software that integrates smoothly and easily with business processes.

Clearvision

Clearvision

As an Atlassian Platinum Solution Partner, Clearvision works with teams in the UK and US, providing solutions for the Atlassian stack, Git and open source tooling.

FTCYBER

FTCYBER

FTCYBER offers the latest technology and data recovery services to identify and extract data from computers and other digital devices.

Darknone Global

Darknone Global

Darknone is a consortium of elite hackers and security leaders united by an unbridled passion for augmenting the security of the digital realm.

Pvotal Technologies

Pvotal Technologies

Pvotal Technologies engineer complex, automated processes aligned with best AIOps, BizDevOps, DevSecOps, CloudOps, and ITOps practices.