The ransomware gang REvil has taken credit for the Kaseya attack that affected more than 1,000 companies worldwide and prompted an investigation by US intelligence agencies. The criminals are demanding a $70 million ransom in bitcoin to publish a universal decryptor that would unlock all affected computers.
As reported by The Record, REvil posted a message accepting responsibility for the attack on its dark web blog. The gang, which had been suspected of being the culprit before the claim was made public, also shed more light on the purported scale of the attack, saying that more than a million systems had been infected. Kaseya reported the attack last Friday.
REvil, also known as Sodinokibi, is a notorious cybercriminal gang that has used ransomware to go after big-name companies, including Apple and Acer. More recently, it targeted JBS, the world's largest meat processing company, which paid it $11 million in bitcoin to mitigate the repercussions of the attack and protect its data.
"On Friday (02.07.2021) we launched an attack on MSP providers. More than a million systems have been infected," the REvil gang said, according to The Record. "If anyone wants to negotiate on the universal decryptor – our price is $70,000,000 in BTC and we will publicly publish a decryptor that decrypts the files of all victims, so everyone can recover from the attack in less than an hour. If you are interested in this matter – contact us using the victims' 'readme' instruction file."
Dana Liedholm, a Kaseya spokeswoman, told Gizmodo on Monday that the FBI and other independent groups had said with confidence that REvil had carried out the attack, and that the company trusted these experts.
"As for the ransom, we are not commenting on this because it is a criminal investigation and we cannot at this time," Liedholm said.
The Kaseya attack is what is known as a software supply chain ransomware attack, in which a threat actor infiltrates a software vendor's network and inserts malicious code to compromise the software before the vendor ships it to its customers. The infected software then compromises customers' data or systems. The hackers behind the SolarWinds compromise used this type of attack to infiltrate major U.S. federal agencies and corporations.
Kaseya, meanwhile, sells its products to managed service providers, or MSPs, companies that provide remote IT services to hundreds of smaller businesses that lack the resources to perform those functions themselves. MSPs use Kaseya's VSA cloud platform to manage and push software updates to these businesses and to resolve other issues.
In Kaseya's case, initial reports say that REvil gained access to the company's backend infrastructure and used it to deliver a malware-laden update to VSA servers running on clients' premises. The malicious update installed the ransomware from the VSA server on all connected computers, according to The Record. This, in turn, spread the ransomware to other companies connected to those VSA systems. However, the specifics of the attack are still uncertain, and information is constantly evolving.
In its Monday 1 a.m. ET update on the situation, Kaseya said all on-premises VSA servers should remain offline until customers receive instructions from Kaseya on when it is safe to resume operations. On Sunday, Kaseya CEO Fred Voccola said the company knew how the attack had happened and was remediating it.
If Kaseya, or one of the other affected companies, paid REvil's $70 million ransom, it would be the largest ransomware payment ever made.