By
Bena Ilyas
April 18th, 2024
As it is quite common for the majority of hackers, REvil is now demanding over $70M in Bitcoin to decrypt the infected machines.
On Friday, REvil, a Russian-based hacking group, brought business for over 200 companies based in the United States to a standstill. The REvil group now demands $70M in form of Bitcoin from the companies. On Saturday, Australia-based ABC News reported Kaseya, a software supplier, had been a target of the cybercrime. REvil used a network management package to spread ransomware through the cloud. The report further indicated that average payments made to the cyber bully group amounted to roughly $500,000 on average. John Hammond, a cyber-security professional from Huntress Labs was quoted saying that the gang appears to be behind the major cybercrime syndicate.
Assessments from other researchers seemed to confirm Hammond’s sentiments. Via a tweet, Mr. Hammond said that Kaseya provides a wide range of enterprise solutions for all sizes of businesses, making them a perfect target. Cyber-attacks of such magnitude are normally done using popular software to spread malware as the software updates automatically. Immediately after the attack, it wasn’t clear how many clients had been affected, forcing Kaseya’s clients to close servers following the company’s advice.
About Kaseya
REvil has been active for the last two years. The company’s primary business is to develop ransomware that paralyzes a network and then distributes it to affiliates who find targets who they extort after stealing a company’s data. The gang thrives on the stolen data as no company would want its secrets to be exposed to third parties or even competitors. Considering the big number the group targeted this time around, a number of cybersecurity experts think that it may be difficult for the group to successfully handle the negotiations for the ransom.
REvil and Its Demands in Bitcoin
As it is quite common for the majority of hackers, REvil is now demanding over $70M in Bitcoin to decrypt the infected machines. On Friday, the group boasted how they had successfully targeted managed service providers. The group further added that over a million machines had been infected. Two months ago, in May, the same group successfully attacked another company, Colonial Pipeline, and even managed to make $5 million from the cyber-attack. The company, Colonial Pipeline, had to give in after the restriction of its functionality, which eventually caused a major gas crisis in America.
Another notable victim is JBS Holdings, world’s biggest meat dealer by sales. On May 30, the company was forced to part with $11 million after a REvil attack. All attacks are done in a similar fashion and with the intention of disrupting business operations, which forces their victims to comply with their demands. The Wall Street Journal reported that the JBS Holdings attack left no footprints or traces of how REvil infiltrated the company’s system. The attack was similar to the one done on Colonial Pipeline, and based on forensics’ analysis; third parties weren’t affected by the attack. According to the chief executive of JBS, the ransom was paid to cushion the company against impacts of the attack and avoid interfering with operations.