The REvil crime group strikes again.
The REvil group has struck again, encrypting over one million systems and demanding a $70 million payment in Bitcoin to release the “universal decryptor” to unlock the encrypted files on every affected system.
Estimates put the total number of companies affected at around 200, some 40 of which were targeted through Kaseya, the managed service provider (MSP) thought to be at the center of this supply chain attack.
REvil Group Demands $70 Million Bitcoin Payment for Decryptor
Late on 2 July, 2021, reports of yet another major ransomware attack rippled across the internet. Around 30 MSPs were targeted, affecting hundreds of companies and, theoretically, millions of individual computers.
It quickly emerged that the notorious REvil crime syndicate was behind the ransomware attack, with the group demanding ransoms of up to $50,000 to unlock individual systems, with larger company-wide decryption keys offered for up to $5 million, with all payments taken in Bitcoin.
However, late on Sunday, 4 July, 2021, an update to the REvil dark website revealed that the criminal organization would deliver a universal decryption key to every affected business and organization—for the cool fee of $70 million.
REvil Hits 200 Businesses in Supply Chain Attack
According to a report seen by the BBC, around 200 US-based businesses have been hit with ransomware. The knock-on effect of the attack, however, has been much larger. Due to the nature of a supply chain attack, where the initial victim is often a stepping-stone to secondary victims, the REvil ransomware attack has multiple additional victims.
In Sweden, 500 Coop supermarkets were forced to close, along with 11 schools in New Zealand, and multiple other small incidents spread worldwide. According to Kaseya CEO Fred Voccola, the victims would mainly include “dental practices, architecture firms, plastic surgery centers, libraries, things like that.”
It is thought that there are more victims, many of which are yet to report or disclose the ransomware breach or whether they have attempted to pay the ransom.
Dutch Security Researchers Reported Kaseya Zero-Day Vulnerability
In a final blow, security researchers from the Dutch Institute for Vulnerability Disclosure revealed that they contacted Kaseya previously regarding several zero-day vulnerabilities (tracked under CVE-2021-30116) under responsible disclosure guidelines.
The researchers worked with Kaseya, “giving our input on what happened and helping them cope with it. This included giving them lists of IP addresses and customer IDs of customers that had not responded yet, which they promptly contacted by phone.”
But the biggest takeaway is that Kaseya knew about the dangerous vulnerability before the REvil ransomware hit, which could become a major issue in the post-mortem process for the many companies affected.
About The Author
Gavin is the Junior Editor for Windows and Technology Explained, a regular contributor to the Really Useful Podcast, and a regular product reviewer. He has a BA (Hons) Contemporary Writing with Digital Art Practices pillaged from the hills of Devon, as well as over a decade of professional writing experience. He enjoys copious amounts of tea, board games, and football.
From Gavin Phillips