The REvil group has struck again, demanding $70 million in ransom for a recent cyberattack. The attack used malware that reportedly hit the US IT firm Kaseya. However, the damage isn’t confined to the IT firm. According to the hacker group itself, its malware has affected over one million systems as of now. REvil is believed to be based in Russia, with many of its members being formerly part of the Soviet Union.
The cyberattack initially hit Kaseya before spreading through its corporate network and to the clients that use its software. Kaseya reported on its website that it was investigating a potential attack. The attack then spread to around 200 businesses and didn’t limit itself to US soil. Around 500 Coop supermarket stores in Sweden were forced to close down due to the colossal cyberattack. This might be the biggest cyberattack of 2021.
The supermarket was using software from Kaseya, so basically all of their clients were affected. According to cyber researchers, around 200 businesses have been affected. A spokesperson from Coop Sweden said, “We first noticed problems in a small number of stores on Friday evening around 6:30 pm so we closed those stores early. Then overnight we realized it was much bigger and we took the decision not to open most of our stores this morning so that our teams could work out how to fix it.” They added, “The whole paying system at our tills and our self-service checkouts stopped working so we need time to reboot the system.”
The US Cybersecurity and Infrastructure Agency urged users of Kaseya’s software to shut it down and assured them that it was taking action to address the issue. The UK’s National Cyber Security Centre also said, “We are aware of a cyber incident involving Kaseya, and we are working to fully understand its impact. Ransomware is a growing, global cyber threat, and all organizations should take immediate steps to limit risk and follow our advice on how to put in place robust defenses to protect their networks.”
The REvil group is demanding $70 million in exchange for a universal decryptor that will unlock the files of all of its victims. Not surprisingly, they are demanding to be paid in bitcoin. The popular cryptocurrency is hard to trace, but tracing it is not impossible. It’s actually weird to see REvil not demanding payment in other, more difficult-to-trace cryptocurrencies. The US Justice Department announced last month that it had traced and seized millions of dollars’ worth of bitcoin that was paid to DarkSide.
You would remember DarkSide as the hacker group responsible for the Colonial Oil Pipeline attack. The attack prompted many other ransomware attacks to take place. According to Deputy Attorney General Lisa O. Monaco, “Following the money remains one of the most basic, yet powerful tools we have.”