REvil ransomware hackers are demanding $70 million after infecting a million devices through Kaseya’s remote IT management software. Global ransomware attack: details emerge of how the Kaseya software company was exploited by the Russian REvil gang.
Three days after ransomware attackers started the holiday weekend by compromising Kaseya VSA, we have a clearer idea of how widespread the impact has been. In a new ransom demand, the attackers claim to have compromised more than 1 million computers, and demand $70 million to decrypt the affected devices. Kaseya’s software is used by Managed Service Providers to perform IT tasks remotely, but on July 2nd, the Russia-linked REvil ransomware group deployed a malicious software update exposing providers who use the platform, and their clients.
The Dutch Institute for Vulnerability Disclosure (DIVD) revealed that the exploit used for the breach appears to be the same one they had discovered and were in the process of addressing when the attackers struck. “We were already running a broad investigation into backup and system administration tooling and their vulnerabilities,” DIVD wrote. “One of the products we have been investigating is Kaseya VSA. We discovered severe vulnerabilities in Kaseya VSA and reported them to Kaseya, with whom we have been in regular contact since then.”
REvil was seeking $5 million payouts from the so-called managed service providers that were its principal downstream targets in this attack, apparently demanding much less – just $45,000 – from their afflicted customers.
But late Sunday, it offered on its dark website to make available a universal decryptor that would unscramble all affected machines if it’s paid $70 million in cryptocurrency. Some researchers considered the offer a PR stunt, while others thought it indicated the criminals have more victims than they can manage.