Skip to main content
You have permission to edit this article.
Ransomware gang wants $70 million in biggest global attack yet

Ransomware gang wants $70 million in biggest global attack yet

  • Updated
  • 0

The hackers behind a mass extortion attack that has targeted hundreds of companies worldwide have demanded $70 million to restore the data they are holding ransom. Julian Satterthwaite reports.

The single biggest global ransomware attack yet continued to bite Monday as details emerged on how the Russia-linked gang responsible breached the company whose software was the conduit. In essence, the criminals used a tool that helps protect against malware to spread it widely.

An affiliate of the notorious REvil gang, best known for extorting $11 million from the meat-processor JBS after a Memorial Day attack, infected thousands of victims in at least 17 countries on Friday, largely through firms that remotely manage IT infrastructure for multiple customers, cybersecurity researchers said.

REvil was demanding ransoms of up to $5 million. But late Sunday it offered in a posting on its dark web site a universal decryptor software key that would unscramble all affected machines in exchange for $70 million in cryptocurrency. It wasn't clear who they expected might pay that amount.

Sweden may have been hardest hit by the attack — or at least most transparent about it. Its defense minister, Peter Hultqvist, bemoaned on Monday "a serious attack on basic functions in Swedish society."

A broad array of businesses and public agencies were affected, including in financial services, travel and leisure and the public sector — though few large companies, the cybersecurity firm Sophos reported. The cybersecurity firm ESET identified victims in countries including the United Kingdom, South Africa, Canada, Argentina, Mexico, Indonesia, New Zealand and Kenya.

Ransomware criminals infiltrate networks and sow malware that cripples them by scrambling all their data. Victims get a decoder key when they pay up.

The hackers behind a mass ransomware attack exploited a previously unknown vulnerability in IT management software made by Kaseya Ltd., the latest sign of the skill and aggressiveness of the Russia-linked group believed responsible for the incidents, cybersecurity researchers said Sunday.

Marcus Murray, founder of Stockholm-based TrueSec Inc., said his firm's investigations involving multiple victims in Sweden found that the hackers targeted them opportunistically. In those cases, the hackers used a previously unknown flaw in Miami-based Kaseya's code to push ransomware to servers that used the software and were connected to the internet, he said.

The Dutch Institute for Vulnerability Disclosure said it had alerted Kaseya to a vulnerability in its software that was then used in the attacks, and that it was working with the company on fixes when the ransomware was deployed.


AP reporters Jim Heintz in Moscow, Jan Olsen in Stockholm, Kirsten Grieshaber in Berlin, Jari Tanner in Helsinki and Sylvie Corbet in Paris contributed to this report.


Be the first to know

* I understand and agree that registration on or use of this site constitutes agreement to its user agreement and privacy policy.

Related to this story

Most Popular

  • Updated

CANBERRA, Australia (AP) — France would have known Australia had “deep and grave concerns” that a submarine fleet the French were building would not meet Australian needs, Prime Minister Scott Morrison said Sunday after the contract's cancellation set off a diplomatic crisis.

  • Updated

PARIS (AP) — France's foreign minister on Saturday denounced what he called the “duplicity, disdain and lies” surrounding the sudden rupture of France's lucrative contract to make submarines for Australia in favor of a U.S. deal and declared that a crisis is at hand among the Western allies.

Get up-to-the-minute news sent straight to your device.


News Alerts

Breaking News

Husker News