Hackers suspected to be behind a mass extortion attack that affected hundreds of companies worldwide late on Sunday demanded US$70 million to restore the data they are holding ransom, a posting on a dark Web site said.
The demand was posted on a blog typically used by the REvil cybercrime gang, a Russia-linked group that is counted among the cybercriminal world’s most prolific extortionists.
The gang has an affiliate structure, occasionally making it difficult to determine who speaks on the hackers’ behalf, but Allan Liska of cybersecurity firm Recorded Future said the message “almost certainly” came from REvil’s core leadership.
The group has not responded to an attempt by Reuters to reach it for comment.
REvil’s ransomware attack, which the group executed on Friday, was among the most dramatic in a series of increasingly attention-grabbing hacks.
The gang broke into Kaseya, a Miami-based information technology firm, and used their access to breach some of its clients’ clients, setting off a chain reaction that quickly paralyzed the computers of hundreds of firms worldwide.
An executive at Kaseya Ltd said the company was aware of the ransom demand, but did not immediately return further messages seeking comment.
About a dozen countries were affected, research published by cybersecurity firm ESET said.
In at least one of the cases, the disruption spilled out into the public domain when the Swedish Coop grocery store chain had to close hundreds of stores on Saturday because its cash registers had been knocked offline as a consequence of the attack.
Earlier on Sunday, the White House said that it was reaching out to those affected by the outbreak “to provide assistance based upon an assessment of national risk.”
The impact of the intrusion is still coming into focus.
Those hit included schools, small public-sector bodies, travel and leisure organizations, credit unions and accountants, Sophos Group PLC chief information security officer Ross McKerchar said.
McKerchar’s company was one of several that had blamed REvil for the attack, but Sunday’s statement was the group’s first public acknowledgment that it was behind the campaign.
Ransom-seeking hackers have tended to favor more focused shakedowns against single, high-value targets like Brazilian meatpacker JBS SA, whose production was disrupted last month when REvil attacked its systems.
JBS said it ended up paying the hackers US$11 million.
Liska said he believed the hackers had bitten off more than they could chew by scrambling the data of hundreds of companies at a time, and that the US$70 million demand was an effort to make the best of an awkward situation.
“For all of their big talk on their blog, I think this got way out of hand,” he said.
‘SWASTICAR’: Tesla CEO Elon Musk’s close association with Donald Trump has prompted opponents to brand him a ‘Nazi’ and resulted in a dramatic drop in sales Demonstrators descended on Tesla Inc dealerships across the US, and in Europe and Canada on Saturday to protest company chief Elon Musk, who has amassed extraordinary power as a top adviser to US President Donald Trump. Waving signs with messages such as “Musk is stealing our money” and “Reclaim our country,” the protests largely took place peacefully following fiery episodes of vandalism on Tesla vehicles, dealerships and other facilities in recent weeks that US officials have denounced as terrorism. Hundreds rallied on Saturday outside the Tesla dealership in Manhattan. Some blasted Musk, the world’s richest man, while others demanded the shuttering of his
ADVERSARIES: The new list includes 11 entities in China and one in Taiwan, which is a local branch of Chinese cloud computing firm Inspur Group The US added dozens of entities to a trade blacklist on Tuesday, the US Department of Commerce said, in part to disrupt Beijing’s artificial intelligence (AI) and advanced computing capabilities. The action affects 80 entities from countries including China, the United Arab Emirates and Iran, with the commerce department citing their “activities contrary to US national security and foreign policy.” Those added to the “entity list” are restricted from obtaining US items and technologies without government authorization. “We will not allow adversaries to exploit American technology to bolster their own militaries and threaten American lives,” US Secretary of Commerce Howard Lutnick said. The entities
Taiwan’s official purchasing managers’ index (PMI) last month rose 0.2 percentage points to 54.2, in a second consecutive month of expansion, thanks to front-loading demand intended to avoid potential US tariff hikes, the Chung-Hua Institution for Economic Research (CIER, 中華經濟研究院) said yesterday. While short-term demand appeared robust, uncertainties rose due to US President Donald Trump’s unpredictable trade policy, CIER president Lien Hsien-ming (連賢明) told a news conference in Taipei. Taiwan’s economy this year would be characterized by high-level fluctuations and the volatility would be wilder than most expect, Lien said Demand for electronics, particularly semiconductors, continues to benefit from US technology giants’ effort
Minister of Finance Chuang Tsui-yun (莊翠雲) yesterday told lawmakers that she “would not speculate,” but a “response plan” has been prepared in case Taiwan is targeted by US President Donald Trump’s reciprocal tariffs, which are to be announced on Wednesday next week. The Trump administration, including US Secretary of the Treasury Scott Bessent, has said that much of the proposed reciprocal tariffs would focus on the 15 countries that have the highest trade surpluses with the US. Bessent has referred to those countries as the “dirty 15,” but has not named them. Last year, Taiwan’s US$73.9 billion trade surplus with the US