Skip to main content

REvil says it was behind huge ransomware attack

ransomware
(Image credit: Pixabay)

Cybercriminal syndicate REvil has claimed responsibility for the large-scale Kaseya ransomware attack, and is demanding the managed service provider (MSP) pay a record ransom fee.

As reported by The Record, the REvil gang made the announcement in a short notice published on the dark web. In the notice, the group says it infected thousands of machines and priced the decryption key at $70 million, to be paid in bitcoin. 

REvil says the decryption key will allow the victims to recover from the attack in “less than an hour” and all interested parties should reach out using the instructions provided.

Kaseya is a managed service provider which, according to multiple media sources, has approximately 37,000 customers. It was attacked this past weekend when the malicious actor gained access to VSA (Virtual Server Administrator) appliances installed on customer devices. Although not yet confirmed, it is suspected that the attackers used an exploit in the Kaseya VSA server for initial access.

Kaseya has not yet responded and it is difficult to estimate just how many devices were affected. The Record believes the number of affected companies could be in the thousands. 

It appears ransomware attacks against large organizations are growing more frequent and more devastating. Earlier this year, both JBS and Colonial Pipeline suffered major ransomware attacks, and so have Quanta, Brenntag, Acer and many others.