The latest crippling cyberattack on the United States has been claimed by a group of Russian hackers, who demanded $70 million in bitcoin to restore the data of 200 U.S. companies and hundreds more worldwide over the holiday weekend. Earlier, REvil posted the demand on a dark website affiliated with the Russian-language group that attacked JBS.
Huntress CEO Kyle Hanslovan said on CNBC on Tuesday, June 6 that a ransomware attack that started with Florida-based Kaseya will not net the full $70 million its Russia-linked hackers are demanding.
In Hanslovan’s experience, if someone were to pay the ransom, the amount would be closer to the $40 [million] to $50 million ballpark. The company he founded has been seeking to help Kaseya post-breach.
“But I have yet to see any evidence that Kaseya plans to pay for the universal decryptor, which would be the one that can decrypt both their customers and their customers’ customers,” Hanslovan asserted on “Squawk Box.”
Reuters reported that Jack Cable of cybersecurity firm Krebs Stamos Group said one of the group’s affiliates had expressed, in a private conversation, a willingness to slash the price for a “universal decryptor” to $50 million. The hacker’s identity may be difficult to determine, but Cable said that in his conversation they were not “definitely attached” to their $70 million demand.
The ESET Nordics chief tech officer, Anders Nilsson, explained that this is the first time such a massively distributed attack has taken place. For the first time, he said, a grocery has had difficulty processing payments, and this illustrates our vulnerability.
Experts say the gang used network management software from Kaseya to spread the ransomware through cloud providers. Cash registers in hundreds of Coop stores in Sweden were locked after the breach. Several kindergartens and more than ten schools in New Zealand were also affected.
In addition to its headquarters in Miami, Kaseya maintains offices in the U.S., Canada, Europe, and Asia.
“Everybody awoke to an attack that was synchronized. It is kind of a one-to-many attack against managed service providers that impacts a lot of industries,” Hanslovan said, stressing that healthcare organizations, law firms, and even federal agencies have encountered similar attacks.
Ransom payments are controversial. Some officials, including the FBI, maintain ransoms encourage more crime since not all those paying a ransom actually receive a key to unlock their files.
Since late 2019, ransomware attacks have become more frequent and more severe, with attackers often breaking into victims’ systems using unsophisticated hacking methods. A common strategy used by cybercriminals is to send “phishing” emails to trick employees into clicking a link or downloading an attachment and inadvertently installing malware.
The case here seems to be different, however. Dutch researchers found a vulnerability in the code used by the software company Kaseya earlier in the weekend. Hackers, though, seem to have discovered and exploited it before the researchers.
A spokeswoman for Kaseya confirmed via email that the company is cooperating with the researchers. There were multiple flaws exploited in the attack, including the one discovered by researchers, she said.