Jul 5, 2021 - Technology

Kaseya hackers demand $70 million in massive ransomware attack

Anne Neuberger

White House deputy national security adviser for cyber Anne Neuberger. Photo: Drew Angerer/Getty Images

Russia-linked hackers suspected in this weekend's mass attack on software provider Kaseya, which could affect thousands of companies worldwide, demanded $70 million to restore data they are holding for ransom, Reuters reports.

Why it matters: The hack is the latest and most dramatic in a series of high-profile ransomware attacks this year, exposing the pandemic-style threat that this type of cybercrime poses to companies and governments around the world.

Details: Hundreds of companies were directly hit by the supply-chain attack on Kesaya's VSA software, which provides IT services to small and medium-sized businesses, according to CNET. At least 36,000 companies were indirectly impacted.

  • The Coop, one of Sweden's largest grocery chains, had to close 800 of its stores, according to the New York Times.
  • Kaseya said in a Sunday night update that its executive committee will meet Monday morning "with a goal of starting the restoration process to bring our datacenters online by end of day on July 5," though it cautioned that this timeline could change.

What they're saying: "This is without a doubt going to turn out to be the biggest most destructive ransomware campaign that we’ve seen so far," tweeted Dmitri Alperovitch, co-founder and former chief technology officer of cybersecurity firm Crowdstrike.

  • "Huge number of victims all over the world. Entire networks encrypted. No way to decrypt today without paying millions per network of any significant size."

The latest: The $70 million ransomware demand was posted to a dark-web blog typically used by REvil, the Russia-linked cybercrime gang behind the attack that crippled the U.S. operations of meat processor JBS.

  • The White House said in a statement Sunday that President Biden has "directed the full resources of the government to investigate this incident," and urged businesses to adopt recommendations released last month to shore up their cyber defenses.
  • The FBI asked businesses to report whether their systems have been compromised, but cautioned that it may not be able to respond to each victim individually "[d]ue to the potential scale of this incident."

Our thought bubble: Coming just two weeks after President Biden's personal warning to Vladimir Putin during the Geneva summit, the attack looks like the Russians thumbing their nose at the tough talk.

  • "The initial thinking was it was not the Russian government, but we're not sure yet," Biden told reporters on Saturday. "If it is either with the knowledge of and/or a consequence of Russia, then I told Putin we will respond."

Go deeper: The ransomware pandemic

Editor’s note: This story has been updated to note that Dmitri Alperovitch is no longer with Crowdstrike.

Go deeper