5 Jul 2021

$100m ransom demand after companies hit by global cyber attack

6:51 pm on 5 July 2021

The hackers alleged to be behind a mass ransomware attack that affected hundreds of companies worldwide are demanding $US70 million ($NZ100m) to liberate the data.


The demand was posted by the REvil cybercrime gang on its blog.

Allan Liska, with cybersecurity firm Recorded Future, said the message appeared to be authentic and that the blog had been in use by that group since last year.

US-based Kaseya, which provides IT management software for managed service providers and small to mid-sized businesses, had its VSA software infiltrated with ransomware over the weekend.

Hundreds of organisations across the world have been affected, with at least 11 schools in New Zealand implicated as well.

The group has not responded to an attempt by Reuters to reach it for comment.

REvil's ransomware attack, which the group executed on Friday, was among the most dramatic in a series of increasingly attention-grabbing hacks.

The attack has set off a chain reaction that quickly paralysed the computers of hundreds of firms worldwide.

An executive at Kaseya said the company was aware of the ransom demand but did not immediately return further messages seeking comment.

About a dozen different countries were affected, according to research published by cybersecurity firm ESET.

In at least one case, the disruption spilled out into the public domain when the Swedish Coop grocery store chain had to close hundreds of stores on Saturday because its cash registers had been knocked offline as a consequence of the attack.

Earlier on Sunday, the White House said it was reaching out to victims of the outbreak "to provide assistance based upon an assessment of national risk".

The impact of the intrusion is still coming into focus.

Those hit included schools, small public-sector bodies, travel and leisure organisations, credit unions and accountants, said Ross McKerchar, chief information security officer at Sophos Group.

McKerchar's company was one of several that had blamed REvil for the attack, but Sunday's statement was the group's first public acknowledgement that it was behind the campaign.

Ransom-seeking hackers have tended to favour more focused shakedowns against single, high-value targets like Brazilian meatpacker JBS, whose production was disrupted last month when REvil attacked its systems. JBS said it ended up paying the hackers $US11m.

Liska said he believed the hackers had bitten off more than they could chew by scrambling the data of hundreds of companies at a time and that the $US70m demand was an effort to make the best of an awkward situation.

"For all of their big talk on their blog, I think this got way out of hand," he said.

- Reuters / RNZ
