REvil ransomware group will hand over Kaseya attack decrypt key for $70 million

What just happened? The Russia-based REvil hacker gang has revealed how much it wants for the decryption key that will unlock systems affected by its Kaseya supply-chain attack last week: $70 million in Bitcoin, a ransomware record.

To recap, an attack targeting Kaseya's VSA cloud-based system management platform, which is used for remote monitoring and IT management, took place last Friday. Cybersecurity firm Huntress Labs initially thought around 200 businesses were impacted, but it recently revised that figure to over 1,000.

As reported by Bleeping Computer, REvil claims that the campaign has reached more than a million devices. The group is willing to negotiate for a universal decryption key that will unlock all the encrypted files, but it comes with a very high starting price of $70 million in BTC. It had previously asked for $5 million from MSPs (managed service providers) for the tool and a $44,999 ransom from their customers.

Image courtesy of Bleeping Computer

That $70 million is a record for a ransomware attack, beating the previous $50 million REvil demanded from Acer earlier this year. It asked the same amount from Apple manufacturing partner Quanta but dropped those demands the day before it was supposed to be paid, for some reason.

On Saturday, President Joe Biden revealed he had instructed US intelligence agencies to investigate the attack. He said, "we're not certain" who is behind it. "The initial thinking was it was not the Russian government but we're not sure yet."

The president said the United States would respond if it does determine Russia is to blame for the incident.

To learn more about ransomware, check out our The Evolution of Ransomware: How Did We Get Here? feature

Masthead credit: Andrey_Popov