Thousands of businesses taken down by ransomware demanding £50 million

Hacker attacking internet
Russian group REvil has claimed responsibility for the attack (Getty)

Over a thousand businesses worldwide have been compromised by a single ransomware attack from Russian hackers REvil.

Between 800 and 1,500 firms around have been affected by a ransomware attack centered on US information technology firm Kaseya.

Kaseya is a company which provides software tools to IT outsourcing shops: companies that typically handle back-office work for companies too small or modestly resourced to have their own tech departments.

Although most of those affected have been small concerns – like dentists’ offices or accountants – the disruption has been felt more keenly in Sweden, where hundreds of supermarkets had to close because their cash registers were inoperative, or New Zealand, where schools and kindergartens were knocked offline.

REvil claimed responsibility and demanded $70 million (£50 million) in Bitcoin to restore all the affected businesses’ data.

Victims of the attack are redirected to this page asking for ransom payment (ESET)
Victims of the attack are redirected to this page asking for ransom payment (ESET)

Jake Moore, the Cybersecurity Specialist at ESET, said: ‘Combining a supply chain attack with ransomware is a lethal mix with powerful results.

‘Both lines of attack are feared by those in charge of their networks but when fused together, the victims are multiplied and the money involved can be astronomical.

‘There will be huge initial pressures to restore the affected business networks but many will be forced to pay the demands simply because it remains the cheaper option.’

According to Reuters, the hackers have indicated a willingness to temper their demands in some circumstances.

‘We are always ready to negotiate,’ a REvil representative told Reuters on Monday.

The representative, who spoke via a chat interface on the hackers’ website, didn’t provide their name.

The readme file telling victims they have been hit with ransomware and 'it's just business' (ESET)
The readme file telling victims they have been hit with ransomware and ‘it’s just business’ (ESET)

Meanwhile, Fred Voccola, the CEO of Florida-based Kaseya refused to say whether he was ready to take the hackers up on the offer.

‘I can’t comment ‘yes,’ ‘no,’ or ‘maybe’,” he said when asked whether his company would talk to or pay the hackers.

‘No comment on anything to do with negotiating with terrorists in any way.’

The topic of ransom payments has become increasingly fraught as ransomware attacks become increasingly disruptive – and lucrative.

Voccola said he had spoken to officials at the White House, the Federal Bureau of Investigation, and the Department of Homeland Security about the breach but declined to say what they had told him about paying or negotiating.

About a dozen different countries have had organizations affected by the breach in some way, according to research published by ESET.

MORE : The head of the UK’s cybersecurity agency is very worried about ransomware

MORE : Ireland’s health service hit with ‘significant’ ransomware cyber attack

Tech Technology