REvil, a Russian hacking group, halted business at more than 200 American companies on Friday. The group now demands $70M in the form of Bitcoin from the companies. ABC News, Australia, reported that Kaseya (a software supplier) was a victim of cybercrime on Saturday. REvil used a network management program to spread ransomware across the cloud. According to the report, average payments to the group were approximately $500,000 per year. John Hammond, a Huntress Labs cyber-security specialist, was quoted as saying that the gang appeared to be behind the major cybercrime syndicate.
Other researchers’ assessments seemed to support Hammond’s assertions. In a tweet, Hammond stated that Kaseya offers a wide variety of enterprise solutions to businesses of all sizes, which makes it an ideal target. Cyber-attacks of this magnitude usually use popular software to spread malware, which is then automatically updated. It was not immediately clear how many clients were affected by the attack. Kaseya advised clients to shut down their servers.
IT Firm Kaseya
REvil has been in operation since the beginning of 2012. The group’s main business is creating ransomware that paralyzes networks and distributing it to affiliates. These affiliates then find targets and extort data from companies. Because no company wants its secrets exposed to competitors or third parties, the gang thrives off stolen data. Cybersecurity experts believe that the ransom negotiations may prove difficult this time due to the large number of victims.
Bitcoin as payment of Ransom
REvil now demands over $70M in Bitcoin to decrypt infected machines, as is common practice for hackers. The group claimed that they had targeted managed service providers and were now able to decrypt them. They claimed that more than a million computers had been infected. In May of last year, another company was attacked by the same group. They even made $5 million from the cyber attack. Colonial Pipeline had to surrender after being restricted in its functionality. This eventually led to a major gas shortage in America.
JBS Holdings is another notable victim. It was the largest meat dealer in the world by sales. After a REvil attack, the company was forced by May 30 to give up $11 million. Each attack is similar and aims to disrupt business operations, which forces victims to comply with the group’s demands. The Wall Street Journal reported that the JBS Holdings attack left no footprints or traces of how REvil infiltrated the company’s system. Based on forensic analysis, the attack was identical to that of Colonial Pipeline. Third parties were not affected by it. The ransom was paid by JBS’ chief executive to protect the company from the effects of the attack and to prevent operations from being disrupted.