Russian Ransomware Group, REvil, Attacks 200 Firms, Demands $70 Million in Bitcoin

Russian-based ransomware group REvil has again attacked no less than 200 firms in its latest operation. The group is demanding a ransom of $70 million in Bitcoin as ransom to release the stolen data.

Firms Hacked Through Software Supplier Kaseya

According to Reuters, REvil targeted software supplier Kaseya and used its technology management software to spread the ransomware via the cloud. One of Kaseya’s tools, VSA, used by several firms, was encrypted with infected files, paralyzing hundreds of firms. “More than a million systems were infected. If anyone wants to negotiate about universal decryptor - our price is $70 million in Bitcoin,” the ransomware group said as reported in a dark website, Happy Blog. Updating firms on the incident, Kaseya said it was working on a patch that would increase the security of its VSA server. It also advised its customers to continue to remain offline until it is safe to restore operations. Ransomware attacks by REvil have been constant these past few months. In May, the Russian group attacked a major pipeline firm, Colonial Pipeline, and received a $5 million ransom after spurring a gas crisis in the US. That same month, JBS Holdings, the world’s largest meat company, was also attacked by the same group, which led to an $11 million ransom payment. CNA Financial. CNA, one of the largest insurance companies in the US, reportedly paid $40 million in Bitcoin to restore access to its network after a ransomware attack.

Biden Taking Ransomware Attacks Seriously

Over the past few months, US president Joe Biden and his administration have taken a more serious stance on ransomware attacks. The US Department of Justice (DoJ) had previously said that it would start treating these attacks with the same urgency it treats terrorism. US Officials have spent the past few months scrutinizing these crimes while also tracing payments. Last month, the officials disclosed that they had recovered most of the $4.4m ransom paid to the hackers responsible for the Colonial Pipeline attack. In a bid to curtail these attacks, last month, President Biden also met with Russian President Vladimir Putin to discuss and proffer solutions. Biden had told Putin that if ransomware attacks continued and were found to be from Russia, there would be consequences. During a recent public appearance, Biden said that he had directed the US intelligence agencies to investigate the ransomware matter. Biden’s statements come after the US Department of State’s official Victoria Nuland spoke about the Colonial Pipeline hack. In a meeting with Salvadoran president Nayib Bukele, Nuland said the US State Department was taking a tough look at bitcoin due to the Colonial Pipeline ransomware hack.