Gang behind huge cyber-attack demands $70m in Bitcoin

Date: 2021-07-05

The gang behind a "colossal" ransomware attack has demanded $70m (£50.5m) paid in Bitcoin in return for a "universal decryptor" that it says will unlock the files of all victims.

The REvil group claims its malware, which initially targeted US IT firm Kaseya, has hit one million "systems".

This number has not been verified and the exact total of victims is unknown.

However, it does include 500 Swedish Coop supermarkets and 11 schools in New Zealand.

Two Dutch IT firms have also been hit, according to local media reports.

Counting victims

On Friday, cyber-security firm Huntress Labs estimated about 200 firms had been affected.

The "supply chain" attack initially targeted Kaseya, before spreading through corporate networks that use its software.

Kaseya said that fewer than 40 of its own customers had been affected.

But because Kaseya provides software to managed service providers, firms which themselves provide outsourced IT services to other companies, the number of victims may be much greater.

And the number of individual computer systems within those victim organisations could be greater still.

Kaseya chief executive Fred Voccola told the Associated Press that the number of victims would probably be in the low thousands, made up of small organisations such as dental practices and libraries.

Analysis by Joe Tidy, Cyber reporter

For hundreds, perhaps thousands, of IT teams around the world this ransomware attack is a horrendous headache that is still growing.

But the way the cyber-security world has pulled together to reduce the impact of the attack has been incredible.

Cyber-defenders, both private and public sector, have been issuing alerts while experts work out how best to untangle the web of victims.

There could have been far more victims if it wasn't for a busy and stressful weekend of work.

However, we now know that the secret digital doorway in the Kaseya system that let in the REvil hackers was known about before the attack.

Researchers from the Dutch Institute for Vulnerability Disclosure found the problem and were helping Kaseya plug the hole long before the hackers found it.

It was a case of the good hackers racing to stop the bad hackers from getting in and, as the institute puts it: "Unfortunately, we were beaten by REvil in the final sprint."

This case shows how skilled, persistent and determined these criminals are, and that in spite of all the efforts of the cyber-security world, we are losing the race against ransomware.

"The scale and sophistication of this global crime is rare, if not unprecedented," Prof Ciaran Martin, founder of the National Cyber Security Centre, told Radio 4's Today programme.

Most of REvil's members are believed to be based in Russia or countries that were formerly part of the Soviet Union.

Prof Martin criticised Russia for providing a safe environment for ransomware hackers, but said that the West was making it too easy for these gangs to be paid and "unsurprisingly they are coming back for more".

Traceable Bitcoin

Experts have expressed surprise at the group's demand that the ransom should be paid in Bitcoin, as opposed to harder-to-trace cryptocurrencies such as Monero.

On Twitter, Prof Martin called REvil's decision to demand payment in Bitcoin "weird".

Earlier this month the US Justice Department announced it had traced and seized millions of dollars' worth of bitcoin paid to the DarkSide ransomware group, responsible for shutting down the Colonial Oil Pipeline.

"Following the money remains one of the most basic, yet powerful tools we have", said Deputy Attorney General Lisa O. Monaco.

Tom Robinson, founder and chief scientist of the firm Elliptic, which analyses bitcoin payments, told the BBC it had observed REvil continuing to negotiate with individual customers for smaller ransoms of about $200,000, despite the $70m request to unlock everything.

He said REvil preferred to use Monero, but it would be difficult to purchase $70m of the currency for practical and regulatory reasons.

But he said: "More and more ransomware operators are asking for Monero."
