REvil demands $70M to end Kaseya ransomware attack

Posted in General Discussion, edited July 5
Russia-linked ransomware gang REvil on Sunday claimed responsibility for the recent hack of IT management firm Kaseya, an attack that impacted more than a thousand companies around the world.

Kaseya
Source: The Record


In a post to its dark web blog, REvil took credit for the hack and said it will release a universal decryptor to unlock all affected computers for $70 million in Bitcoin, The Record reports. The group invited interested parties to make contact for negotiations.

"On Friday (02.07.2021) we launched an attack on MSP providers. More than a million systems were infected. If anyone wants to negotiate about universal decryptor - our price is 70 000 000$ in BTC and we will publish publicly decryptor that decrypts files of all victims, so everyone will be able to recover from attack in less than an hour. If you are interested in such deal - contact us using victims "readme" file instructions," REvil said in the post.

Intelligence agencies investigating the case believed REvil to be behind the attack, though they lacked confirmation until Sunday. The hacking group previously targeted meat processing company JBS and in April threatened to leak "confidential drawings of personal data with several major brands" after hacking systems owned by Apple supplier Quanta. JBS paid an $11 million ransom to protect its data, while Quanta was at one point in talks to pay out $20 million.

As noted by Gizmodo on Monday, REvil's Kaseya hack last Friday is known as a supply chain ransomware attack, meaning malicious code is inserted into a software vendor's network and subsequently distributed to customers.

REvil is thought to have leveraged an exploit in Kaseya's VSA cloud platform to gain access to customers' VSA appliances, which managed service providers (MSPs) use to provide remote support and software update support to smaller businesses. VSA platforms are also used by larger businesses to manage remote computer fleets.

According to The Record, REvil used the VSA access to deliver a malicious payload that encrypted local files on all connected computers.

In an update on Monday, Kaseya said it knew how the attack occurred and was working to fix the issue. The company instructed all customers to keep VSA servers offline until further notice.


Comments

  • Reply 1 of 17
    roake Posts: 762 member
    A few properly placed Hellfire missiles from an affected country would bring this type of activity to a stop pretty fast.
  • Reply 2 of 17
    pascal007 Posts: 107 member
    roake said:
    A few properly placed Hellfire missiles from an affected country would bring this type of activity to a stop pretty fast.
    No, it wouldn’t. And it would be the equivalent of a declaration of war against another country while the perpetrators of the crime are not acting in the country’s name but for themselves.

    The perpetrators can easily move from one area to another. The missile attack would simply end up killing civilians that have nothing to do with the crime. 
    edited July 6
  • Reply 3 of 17
    sflocal Posts: 5,728 member
    pascal007 said:
    roake said:
    A few properly placed Hellfire missiles from an affected country would bring this type of activity to a stop pretty fast.
    No, it wouldn’t. And it would be the equivalent of a declaration of war against another country while the perpetrators of the crime are not acting in the country’s name but for themselves.

    The perpetrators can easily move from one area to another. The missile attack would simply end up killing civilians that have nothing to do with the crime. 
    You’re right.  It should be an explosive device under their car and set to go off remotely to minimize casualties.  Enough of those go off against their key members and they will know they’re a target.
  • Reply 4 of 17
    bloggerblog Posts: 2,072 member
    sflocal said:
    pascal007 said:
    roake said:
    A few properly placed Hellfire missiles from an affected country would bring this type of activity to a stop pretty fast.
    No, it wouldn’t. And it would be the equivalent of a declaration of war against another country while the perpetrators of the crime are not acting in the country’s name but for themselves.

    The perpetrators can easily move from one area to another. The missile attack would simply end up killing civilians that have nothing to do with the crime. 
    You’re right.  It should be an explosive device under their car and set to go off remotely to minimize casualties.  Enough of those go off against their key members and they will know they’re a target.
    If you can locate their cars you can locate them. A humiliating arrest and lifetime imprisonment would be a much more effective endgame; it’ll set an example to others planning to do the same.
  • Reply 5 of 17
    GeorgeBMac Posts: 10,264 member
    pascal007 said:
    roake said:
    A few properly placed Hellfire missiles from an affected country would bring this type of activity to a stop pretty fast.
    No, it wouldn’t. And it would be the equivalent of a declaration of war against another country while the perpetrators of the crime are not acting in the country’s name but for themselves.

    The perpetrators can easily move from one area to another. The missile attack would simply end up killing civilians that have nothing to do with the crime. 

    OK -- Russians have been attacking us since 2016.  Enough that I'm losing count: Is it 5 or 6 attacks now?  
    What does it take to get us to respond?

    20 years ago Afghanistan harbored people who attacked us.  We went to full scale war with them (yeh, we kind of lost that war -- but we made our point).  But, with Russians attacking us on an ongoing basis, it's time to respond (and we have a full range of options on how to respond - it doesn't have to be missiles -- we could take out a few of their systems -- just like Biden threatened to do.)

    BTW:  Putin is telling the truth when he says Russia has not attacked us.   The Russian government didn't.   But Putin's shills did -- and Putin supports and protects them.
  • Reply 6 of 17
    bluefire1 Posts: 1,153 member
    These attacks will continue, and likely get worse until there’s an effective  response from Biden & Co.
  • Reply 7 of 17
    pascal007 said:
    roake said:
    A few properly placed Hellfire missiles from an affected country would bring this type of activity to a stop pretty fast.
    No, it wouldn’t. And it would be the equivalent of a declaration of war against another country while the perpetrators of the crime are not acting in the country’s name but for themselves.

    The perpetrators can easily move from one area to another. The missile attack would simply end up killing civilians that have nothing to do with the crime. 

    OK -- Russians have been attacking us since 2016.  Enough that I'm losing count: Is it 5 or 6 attacks now?  
    What does it take to get us to respond?

    20 years ago Afghanistan harbored people who attacked us.  We went to full scale war with them (yeh, we kind of lost that war -- but we made our point).  But, with Russians attacking us on an ongoing basis, it's time to respond (and we have a full range of options on how to respond - it doesn't have to be missiles -- we could take out a few of their systems -- just like Biden threatened to do.)

    BTW:  Putin is telling the truth when he says Russia has not attacked us.   The Russian government didn't.   But Putin's shills did -- and Putin supports and protects them.

    Hmm, that is very interesting. Now, can you tell us, are the Russians in the room with us right now?

    In all seriousness, can we all employ some critical thinking here? We spent 3-4 years with establishment politicians and intelligence agencies telling us they have "proof" Trump was a 'Russian agent,' then, the conclusion of the largest and most expensive investigation of its kind found no evidence of collusion.

    Anyway, I think it's important for us to consider all options regarding these strangely-timed cyber-attacks, and not just accept the establishment narrative on its face.

    By the way, I wouldn't count on Quid Pro Joe Biden to do anything about Putin. After Biden cancelled the Keystone pipeline in the US, he approved Russia's pipeline through Germany.

  • Reply 8 of 17
    roake Posts: 762 member
    I stand corrected.  It shouldn’t be Hellfire missiles.  It should be Tomahawks.

    In all actuality, these groups are declaring war on Western governments whether they intend to or not.  These governments are not going to simply let hackers disable their infrastructure and blacken their eyes.  There will be some silent ops Clancy-style violence going down, and these groups will fade to black.
  • Reply 9 of 17
    In Sweden a big grocery store chain that has about 1/4 of the market has been affected. They have not been able to sell any food since Friday. I kinda think Sweden should try to send all their secret agents to try to assassinate these people, this is horrible! People can’t buy food! At least Sweden should step up their cyber security force.
  • Reply 10 of 17
    splif Posts: 607 member
    pascal007 said:
    roake said:
    A few properly placed Hellfire missiles from an affected country would bring this type of activity to a stop pretty fast.
    No, it wouldn’t. And it would be the equivalent of a declaration of war against another country while the perpetrators of the crime are not acting in the country’s name but for themselves.

    The perpetrators can easily move from one area to another. The missile attack would simply end up killing civilians that have nothing to do with the crime. 

    OK -- Russians have been attacking us since 2016.  Enough that I'm losing count: Is it 5 or 6 attacks now?  
    What does it take to get us to respond?

    20 years ago Afghanistan harbored people who attacked us.  We went to full scale war with them (yeh, we kind of lost that war -- but we made our point).  But, with Russians attacking us on an ongoing basis, it's time to respond (and we have a full range of options on how to respond - it doesn't have to be missiles -- we could take out a few of their systems -- just like Biden threatened to do.)

    BTW:  Putin is telling the truth when he says Russia has not attacked us.   The Russian government didn't.   But Putin's shills did -- and Putin supports and protects them.

    Hmm, that is very interesting. Now, can you tell us, are the Russians in the room with us right now?

    In all seriousness, can we all employ some critical thinking here? We spent 3-4 years with establishment politicians and intelligence agencies telling us they have "proof" Trump was a 'Russian agent,' then, the conclusion of the largest and most expensive investigation of its kind found no evidence of collusion.

    Anyway, I think it's important for us to consider all options regarding these strangely-timed cyber-attacks, and not just accept the establishment narrative on its face.

    By the way, I wouldn't count on Quid Pro Joe Biden to do anything about Putin. After Biden cancelled the Keystone pipeline in the US, he approved Russia's pipeline through Germany.


  • Reply 12 of 17
    MplsP Posts: 3,246 member
    Let me guess - they want payment in Bitcoin. Time to ban bitcoin - take away the crooks’ currency and it becomes much harder for them to operate. 
  • Reply 13 of 17
    GeorgeBMac Posts: 10,264 member
    pascal007 said:
    roake said:
    A few properly placed Hellfire missiles from an affected country would bring this type of activity to a stop pretty fast.
    No, it wouldn’t. And it would be the equivalent of a declaration of war against another country while the perpetrators of the crime are not acting in the country’s name but for themselves.

    The perpetrators can easily move from one area to another. The missile attack would simply end up killing civilians that have nothing to do with the crime. 

    OK -- Russians have been attacking us since 2016.  Enough that I'm losing count: Is it 5 or 6 attacks now?  
    What does it take to get us to respond?

    20 years ago Afghanistan harbored people who attacked us.  We went to full scale war with them (yeh, we kind of lost that war -- but we made our point).  But, with Russians attacking us on an ongoing basis, it's time to respond (and we have a full range of options on how to respond - it doesn't have to be missiles -- we could take out a few of their systems -- just like Biden threatened to do.)

    BTW:  Putin is telling the truth when he says Russia has not attacked us.   The Russian government didn't.   But Putin's shills did -- and Putin supports and protects them.

    Hmm, that is very interesting. Now, can you tell us, are the Russians in the room with us right now?

    In all seriousness, can we all employ some critical thinking here? We spent 3-4 years with establishment politicians and intelligence agencies telling us they have "proof" Trump was a 'Russian agent,' then, the conclusion of the largest and most expensive investigation of its kind found no evidence of collusion.

    Anyway, I think it's important for us to consider all options regarding these strangely-timed cyber-attacks, and not just accept the establishment narrative on its face.

    By the way, I wouldn't count on Quid Pro Joe Biden to do anything about Putin. After Biden cancelled the Keystone pipeline in the US, he approved Russia's pipeline through Germany.

    First, yes, they probably are in "the room with us right now" -- or at least in our servers.  In one of their attacks (that got to 18,000 government & private systems) they were in there long enough undetected to have planted code to extend their control.

    Second, Trump was never called a "Russian Agent".  He was designated a "Russian Asset" which is not the same.  And, you're not quite correct that there was insufficient evidence to convict him of "collusion".   Rather there was insufficient evidence to convict him of "Criminal Conspiracy" -- Possibly because of the ten counts of obstruction of justice levied against him.

    And, no, Biden owes Putin no favors:   the conspiracy theory touted by Trump that got him impeached the first time originated in Russia to attack and undermine Trump's opponent:  Joe Biden.

    And, approving that pipeline was a favor to Germany, not Russia (although it does help both).  

  • Reply 14 of 17
    GeorgeBMac Posts: 10,264 member
    roake said:
    I stand corrected.  It shouldn’t be Hellfire missiles.  It should be Tomahawks.

    In all actuality, these groups are declaring war on Western governments whether they intend to or not.  These governments are not going to simply let hackers disable their infrastructure and blacken their eyes.  There will be some silent ops Clancy-style violence going down, and these groups will fade to black.

    One would hope.   But I'll wait for some evidence that there is a concerted effort to either defend ourselves or to take out the attackers.

    Biden's ultimatum to Putin to make sure his hackers stayed away from a few specific U.S. systems may have been a start.   But it's far from adequate.

    For myself, I would rather see us pour money into cybersecurity than more F35s (or a replacement for the F22).  Those planes defend others (not us) while we suffer cyber attacks here in the homeland.  But, I wonder if we are able to defend ourselves?   So far we look pretty vulnerable.
  • Reply 15 of 17
    GeorgeBMac Posts: 10,264 member
    In Sweden a big grocery store chain that has about 1/4 of the market has been affected. They have not been able to sell any food since Friday. I kinda think Sweden should try to send all their secret agents to try to assassinate these people, this is horrible! People can’t buy food! At least Sweden should step up their cyber security force.

    My understanding is that that Swedish attack came through an American Company they used and that was actually the one hacked.
  • Reply 16 of 17
    GeorgeBMac Posts: 10,264 member
    MplsP said:
    Let me guess - they want payment in Bitcoin. Time to ban bitcoin - take away the crooks’ currency and it becomes much harder for them to operate. 

    There seem to be a lot of reasons to do so.   But so far nada....
    ...  Very curious....
    ------------------------------------------------------
    added:
    Actually, it may be going in the opposite direction.   According to today's CNBC:

    Visa says crypto linked card usage tops $1 billion in first half of 2021

    • Visa CFO Vasant Prabhu told CNBC, “We are doing a lot to create an ecosystem that makes cryptocurrency more usable and more like any other currency.”
    • Visa is currently partnered with Coinbase, Circle and BlockFi to allow its cards to access crypto wallets on those platforms.
    • Visa said digital payments such as cryptocurrency have the potential to disrupt $18 trillion of annual consumer spending with cash and checks.


    edited July 7
  • Reply 17 of 17
    StrangeDays Posts: 11,561 member
    splif said:
    pascal007 said:
    roake said:
    A few properly placed Hellfire missiles from an affected country would bring this type of activity to a stop pretty fast.
    No, it wouldn’t. And it would be the equivalent of a declaration of war against another country while the perpetrators of the crime are not acting in the country’s name but for themselves.

    The perpetrators can easily move from one area to another. The missile attack would simply end up killing civilians that have nothing to do with the crime. 

    OK -- Russians have been attacking us since 2016.  Enough that I'm losing count: Is it 5 or 6 attacks now?  
    What does it take to get us to respond?

    20 years ago Afghanistan harbored people who attacked us.  We went to full scale war with them (yeh, we kind of lost that war -- but we made our point).  But, with Russians attacking us on an ongoing basis, it's time to respond (and we have a full range of options on how to respond - it doesn't have to be missiles -- we could take out a few of their systems -- just like Biden threatened to do.)

    BTW:  Putin is telling the truth when he says Russia has not attacked us.   The Russian government didn't.   But Putin's shills did -- and Putin supports and protects them.

    Hmm, that is very interesting. Now, can you tell us, are the Russians in the room with us right now?

    In all seriousness, can we all employ some critical thinking here? We spent 3-4 years with establishment politicians and intelligence agencies telling us they have "proof" Trump was a 'Russian agent,' then, the conclusion of the largest and most expensive investigation of its kind found no evidence of collusion.

    Anyway, I think it's important for us to consider all options regarding these strangely-timed cyber-attacks, and not just accept the establishment narrative on its face.

    By the way, I wouldn't count on Quid Pro Joe Biden to do anything about Putin. After Biden cancelled the Keystone pipeline in the US, he approved Russia's pipeline through Germany.


    Uhh no, politicians and intel did NOT say there was proof Trump was an agent (just very, very stupid). Nor did the Mueller report say there was no collusion. In fact the opposite, his campaign (Paul Manafort) was proven to have colluded with a Russian agent.

    Read up. 

    https://thehill.com/opinion/white-house/548794-there-was-trump-russia-collusion-and-trump-pardoned-the-colluder
    edited July 7