Hackers demand $94m ransom to restore data

The demand was posted by REvil cybercrime gang on their blog. ST PHOTO: KELVIN CHNG
Updated
Jul 06, 2021, 01:50 AM
Published
Jul 05, 2021, 12:46 PM

WASHINGTON (REUTERS) - Hackers suspected to be behind a mass ransomware attack that affected hundreds of companies worldwide have demanded US$70 million (S$94 million) to restore the data they are holding ransom, according to a post on the Dark Web.

The demand was posted on a blog typically used by REvil, a Russia-linked cybercrime group considered to be among the world's most prolific extortionists.

The gang has an affiliate structure, occasionally making it hard to determine who speaks on the hackers' behalf, but Mr Allan Liska of cyber-security firm Recorded Future said the message almost certainly came from REvil's core leadership.

REvil's ransomware attack, which the group executed last Friday (July 2), was among the most dramatic in a series of increasingly attention-grabbing hacks.

It broke into Kaseya, a Miami-based information technology firm, and used the access to breach some of its clients' customers, setting off a chain reaction that quickly paralysed the computers of hundreds of firms worldwide.

A Kaseya executive said the firm was aware of the ransom demand.

About a dozen different countries were affected, according to research published by cyber-security firm ESET.

In at least one case, the disruption spilled out into the public domain when Swedish grocery store chain Coop had to close hundreds of stores last Saturday because its cash registers had been knocked offline.

On Sunday, the White House said it was reaching out to victims of the cyber attack "to provide assistance based upon an assessment of national risk".

Those hit include schools, small public-sector bodies, travel and leisure companies, credit unions and accountants, said Mr Ross McKerchar, chief information security officer at Sophos Group.

Mr McKerchar's company was one of several that blamed REvil for the attack, but Sunday's statement was the group's first public acknowledgement that it was behind the campaign.

Ransom-seeking hackers have tended to favour focused shakedowns against single, high-value targets like Brazilian meatpacker JBS, whose production was disrupted last month when REvil attacked its systems. JBS said it paid the hackers US$11 million.

Mr Liska said he believed the hackers had bitten off more than they could chew by scrambling the data of hundreds of companies at a time and that the US$70 million demand was an effort to make the best of an awkward situation.

"For all of their big talk on their blog, I think this got way out of hand," he said.

The Cyber Security Agency of Singapore told The Straits Times on Monday (July 5) that, for now, there have been no confirmed cases of any critical information infrastructure operators or Singapore firms in the country falling victim to the Kaseya cyber attack.

The agency also said on Facebook that it is "monitoring the situation closely and working with regional and international partners to understand the situation and to investigate the impact in Singapore".

Additional reporting by Kenny Chee

More On This Topic
White House reaching out with assistance to latest ransomware victims
Massive Russia-linked ransomware attack hits more than 1,000 companies

Join ST's Telegram channel and get the latest breaking news delivered to you.

Available for
iPhones and iPads
Available in
Google Play

MCI (P) 066/10/2023. Published by SPH Media Limited, Co. Regn. No. 202120748H. Copyright © 2024 SPH Media Limited. All rights reserved.

Back to the top