The hacker gang behind a wave of international crimes that unfolded over the weekend of July 4 said they had locked more than a million individual devices and demanded $70 million in bitcoin to release them all at once.
The gang, the Russia-connected REvil, is best known for previously hacking JBS, one of the world’s largest meat suppliers, briefly halting operations across much of North America. But the potential reach of this attack is unprecedented, some cybersecurity experts have said.
REvil began its spree on Friday by compromising Kaseya, a software company that helps businesses manage basic software updates. Since many of Kaseya’s customers are companies that run internet services for other businesses, the number of victims has increased rapidly. Instead of locking down an individual organization, as ransomware gangs typically do, REvil locked down each victimized computer as a stand-alone target and initially charged $45,000 to unlock each.
President Joe Biden told reporters Sunday that he “directed all the resources” of the government towards the investigation of the problem.
The Swedish grocery chain Coop is the biggest known victim; it closed most of its approximately 800 stores all day Saturday. Its records were checked online by Visma Esscom, a Kaseya customer, and were locked and rendered unusable.
The exact number of infected systems is unknown, although the number is likely to be large. Cybersecurity firm Huntress, which is contributing to Kaseya’s response, said it was aware of more than 1,000 companies that had been affected.
REvil’s claim that it has compromised over a million devices is impossible to prove, as few victims speak out in public and no government or business has a database of everyone affected. But that figure is plausible, said Mikko Hypponen, a researcher at cybersecurity firm F-Secure, given that this strain of ransomware infects each device individually.
“Think of a retail chain, like grocery store retail,” Hypponen said. “Every checkout system is an endpoint. Every laptop. Everyone in sales has one system, multiple servers. Two hundred stores, 300 stores, they would have thousands of endpoints on their own. If one thousand Coop-type businesses were infected, yes, you would have a million endpoints.”
Regardless of the actual number of victims, it’s extremely difficult to imagine victims banding together to pay $70 million, said Allan Liska, analyst at cybersecurity firm Recorded Future.
“Despite the boast in their rating, I actually think it’s actually a sign that they’re overwhelmed,” Liska said.
One million victims paying $45,000 each would bring in $45 billion, he noted.
“They are getting down to $70 million,” he said.