The criminal group REvil, which has claimed responsibility for a global cyberattack security officials are calling one of the largest in history, has demanded $70 million in return for a tool it says will unlock all of the devices that have been hacked.
In a Sunday post on the group’s dark web site, REvil claims to have infected “more than a million systems” in a ransomware attack targeting Kaseya, a worldwide software company serving at least 200 U.S. businesses. Ransomware attacks allow criminals using malicious software to access someone’s computer and withhold that access until the criminals receive compensation. The attackers demanded $70 million in Bitcoin.
REvil, a criminal gang cybersecurity officials have linked to Russia, crippled the world’s largest meatpacking company, JBS, with a ransomware attack in early June. Within days of the attack, JBS paid hackers from REvil an $11 million ransom to unlock its systems.
President Joe Biden said Saturday he had “directed the full resources of the government” to respond to the attack on Kaseya, but in remarks made before REvil posted its ransom note, Biden said he was unsure of the Russian government’s involvement in the Kaseya attack. “The initial thinking was it was not the Russian government, but we’re not sure yet,” Biden said, adding he would be receiving an intelligence briefing about the attack on Sunday.
Cybersecurity officials and officials from Kaseya have said the full scope of the attack in the U.S. will be better ascertained on Tuesday, when most employees return to work after the July 4 holiday weekend.
In Sweden, most of the grocery chain Coop’s 800 stores were unable to open because its cash registers weren’t working, according to SVT, the country’s public broadcaster. The Swedish State Railways and a major pharmacy chain were also affected.
Anne Neuberger, the deputy national security adviser for cyber and emerging technology, on Sunday urged anyone who believes their system is compromised to contact authorities through the Internet Crime Complaint Center.
The most recent ransomware attack was discovered on Saturday. The cybersecurity firm ESET reported victims in at least 17 countries, including the United Kingdom, South Africa, Canada, Argentina, Mexico and Spain.