Hacker group REvil has demanded $70 million in Bitcoin in exchange for the decryption key that would let more than 200 companies regain access to critical files and information.
The group’s latest ransomware campaign struck on July 2 when an IT management solutions provider called Kaseya said it was investigating an attack on its VSA remote software monitoring and management tool. The company estimated that 40 of its customers were affected, but many of those businesses had clients of their own.
A security firm called Huntress Labs initially estimated that at least 200 companies were affected by the ransomware campaign. At the time of writing, the company has raised that estimate, saying there could be more than 1,000 affected organizations around the world, which makes this one of the largest ransomware campaigns to date.
BleepingComputer reported that REvil claims its campaign affected more than 1 million devices. The good news? The group also claimed all of those devices “will be able to recover from attack in less than an hour” because their files were encrypted using the same key. The bad news is, well, they want $70 million for that key.
That’s a record-high ransom, BleepingComputer said, beating the $50 million REvil previously demanded from Acer. In April, the group also requested $50 million from Quanta Computer in exchange for stolen files related to upcoming Apple products, but it mysteriously dropped that demand a day before it was supposed to be paid.
President Joe Biden said over Independence Day weekend that he ordered an investigation into this ransomware campaign to determine if the Russian government was involved. Kaseya said that it’s been in touch with the FBI, the Cybersecurity and Infrastructure Security Agency, and other federal agencies.