Hacking group REvil is reportedly demanding $70 million in Bitcoin to provide a universal decryptor that will supposedly unlock all its victims’ files.
According to the group, its malware has impacted at least one million “systems”, with victims including 500 Swedish Coop supermarkets and 11 schools in New Zealand following the July 2nd attack.
The REvil malware attack had initially targeted the U.S. IT firm Kaseya. A report by cyber-security firm Huntress Labs estimates that almost 200 firms had been affected by the supply chain attack.
The nature of the attack saw the hackers go after the Kaseya system before attempting to infiltrate corporate networks that use its software.
After learning about the attack, Kaseya shut down its servers and began warning its customers. According to the company statement:
“While our early indicators suggested that only a very small number of on-premises customers were affected, we took a conservative approach in shutting down the SaaS servers to ensure we protected our more than 36,000 customers to the best of our ability.”
REvil used its access to Kaseya systems to breach some of its clients’ clients data. The move resulted in a shutdown of the computers of hundreds of firms worldwide. About 12 countries are believed to have been hit by the attack.
REvil, which is a Russian-linked group, recently attacked meat supplier JBS. The company had to pay about $11 million to get its processing plants back online.
Amid the ransomware demand, the US government strongly discourages businesses from giving into the hackers. However, many businesses have no choice but to pay ransom because most of the data is vital to keeping operations running.