The REvil gang has set a price of $70 million in Bitcoin for a universal decryptor that will allow all victims to recover their files encrypted in the recent wide-scale attack.
The attack was carried out through the Kaseya VSA cloud-based platform, which managed service providers (MSPs) use to monitor customer systems and for patch management. So far, it has been confirmed that the REvil ransomware attack has affected over 1,000 businesses globally.
However, according to the threat actor, they have locked more than a million systems.
Over the weekend, REvil asked managed service providers (MSPs) for $5 million for a decryption tool and demanded a ransom of $44,999 from their customers. The gang can demand up to $500,000 from victims whose files have multiple extensions following REvil’s encryption.
Now, instead of asking for separate small ransoms from victims, the hackers say they are asking $70 million for a universal decryptor for all victims.
This is the biggest ransom demand to date. When the same group, REvil, attacked Taiwanese computer maker Acer, they demanded a ransom of $50 million.
It is now known that REvil exploited a zero-day flaw in the Kaseya VSA server. The researchers from the Dutch Vulnerability Institute, who discovered the flaw, stated that Kaseya had already been working on a patch for the issue when the attack hit.
“Also, partial patches were shared with us to validate their effectiveness. During the entire process, Kaseya has shown that they were willing to put in the maximum effort and initiative into this case both to get this issue fixed and their customers patched,” said Victor Gevers, DIVD Chair.
Obviously, REvil affiliates also knew about the issue and exploited it before Kaseya was able to push the fix to the customers.
The FBI has confirmed that they are working with the CIA to investigate the full extent of REvil’s ransomware attack.