More than 200 companies have had their systems taken down by a ransomware hacking group.
REvil is believed to have targeted a software supplier called Kaseya — enabling its ransomware to be distributed through the cloud.
The Russia-based group says more than one million machines have been infected. Now, it is demanding $70 million in Bitcoin (2,027 BTC) in order to decrypt the files.
One of the businesses affected by this ransomware is Coop Sweden, which had to close about 500 of its supermarkets after its tills were crippled by the attack.
Kaseya confirmed one of its products has been “the victim of a sophisticated cyberattack”— and stressed that customers who have received communication from the attackers should not click on any links.
REvil Strikes Again
REvil has form in this sector. It managed to attack Colonial Pipeline in the U.S., causing gas shortages in some parts of the country. The company ended up paying a $5 million ransom but some of the cash was later recovered.
In another incident last month, JBS — the largest supplier of beef worldwide — paid $11 million after its computer networks were breached in a ransomware incident.
Companies that pay these ransoms have come in for some criticism, amid concerns that this simply emboldens cybercriminals to launch further attacks.
Speaking on the most recent episode of the CoinMarketRecap podcast, Chainalysis director of research Kim Grauer says blockchain analytics can be crucial in tracing what happens after ransomware payments are made.
“We know that ransomware is an international type of criminal activity — there’s really a supply chain of a ransomware event where you can see many stages that allow and enable a ransomware attack to be carried out.”
Grauer added that ransomware “can feel very scary and big and overwhelming.” Its figures show this type of crime exploded in 2020 and shows no sign of slowing down in 2021.