REvil Gang Now Asking $70 Million For Decrypting All Kaseya Attack Victims

REvil Gang Now Asking $70 Million For Decrypting All Kaseya Attack Victims

The REvil gang has set a price of $70 million in Bitcoin for a universal decryptor that will allow all victims to recover their files encrypted in the recent wide-scale attack.

The attack was carried out through the Kaseya VSA cloud-based platform used by managed service providers (MSPs) to monitor customer systems and for patch management. It was confirmed so far that the REvil ransomware attack has affected over 1,000 businesses globally.

However, according to the threat actor, they have locked more than a million systems.

Over the weekend, REvil ransomware asked $5 million from managed service providers (MSPs) for a decryption tool and a ransom of $44,999 from their customers. The gang can demand up to $500,000 from victims whose files have multiple extensions following REvil’s encryption.

Now, instead of asking for separate small ransoms from victims, the hackers say they are willing to pay $70 million for a universal decryptor for all victims.

This is the biggest ransom demand to date. When REvil, the same, group, attacked Taiwanese computer maker Acer, they demanded a ransom of $50 million.

It is now known that REvil exploited a zero-day flaw in Kaseya VSA server. The researchers from the Dutch Vulnerability Institute, who discovered the flaw, stated that Kaseya has already been working on a patch for the issue when the attack hit.

“Also, partial patches were shared with us to validate their effectiveness. During the entire process, Kaseya has shown that they were willing to put in the maximum effort and initiative into this case both to get this issue fixed and their customers patched,” said Victor Gevers, DIVD Chair.

Obviously, REvil affiliates also knew about the issue and exploited it before Kaseya was able to push the fix to the customers.

The FBI has confirmed that they are working with the CIA to investigate the full extent of REvil’s ransomware attack.

About the author

CIM Team

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.