Hacking Group REvil Hits Hundreds Of US Firms With Ransomware

Ransomware attacks have been among the most popular ways for hackers to obtain money from companies, individuals, and all kinds of institutions around the world. Over the last several years, the world has seen some of the biggest ransomware attacks in history.

Now, another massive attack has taken place, with the hacking group known as REvil allegedly infecting over a million computers with ransomware. The group allegedly conducted the attack by using a network management package provided by Kaseya, a global remote software supplier.

With the computers of over 200 different US companies infected, REvil is demanding a ransom of $70 million in Bitcoin in order to provide the affected companies with a decryption key. Otherwise, none of these firms will be able to break the encryption and access their files.

What is Known About the Attack?

REvil announced its attack on a dark web website called Happy Blog. It revealed that it had infected over a million machines across the globe, promising that it would unlock all of them if the ransom of $70 million in BTC was paid. However, it wasn’t long before it started negotiating individual ransoms, offering to change the amount to $5 million.

The blog post published by the group says that, if the total amount is paid, the group would publicly release a decryptor that works for all victims. It further noted that companies could make a full recovery in under an hour with the decryptor in their possession.

Given the size of the attack, this seems to be the largest ransomware attack on IT systems in history. The US authorities have already reacted to the incident, with the US President, Joe Biden, requesting that the FBI investigate matters. Furthermore, Biden also issued a warning to Russia, threatening ‘dire consequences’ should the investigation find that the country was in any way involved.

The attack itself appears to have happened on July 4th, the US’ national holiday. This may have been a coincidence, or a part of the hackers’ plan, given that the holiday weekend meant that fewer people would be on duty and able to respond to the attack as soon as they noticed that something was wrong.

The list of companies that were affected is rather long, and it even includes IT systems in countries like the Netherlands and Sweden. However, it should also be pointed out that only a handful of Kaseya’s customers were directly affected. Even so, the attack has had quite devastating consequences, bringing down numerous IT systems in as many as 17 different countries.

Huntress Labs’ senior security researcher, John Hammond, commented on the incident by saying that REvil attacked managed service providers with more than 1,000 endpoints by using Kaseya’s technology. According to him, the attack can only be described as ‘colossal and devastating,’ as the attack’s effects immediately spread to all of the providers’ customers, as soon as the providers themselves were affected.

REvil Steps Up its Activity in 2021

Many may also remember REvil from its recent attack on Colonial Pipeline earlier this year, in May. The group demanded a $5 million ransom to withdraw. Almost immediately after Colonial Pipeline, the group also hit JBS Holdings, which paid as much as $11 million to get the group to release the seized systems.

Despite the fact that Bitcoin transactions can typically be traced, the group took precautions to make it impossible to identify who they are. They used crypto mixers to hide the transaction and mix the coins they received through ransoms with other existing cryptos. After that, the coins were likely sent to a number of different addresses in order to make it even more difficult to track them down and identify the attackers.
