The ransomware group REvil has demanded a $70 million payment in Bitcoin for a decryptor tool following its attack on the software vendor Kaseya, cyber researchers say.
The offer of a universal tool reflects the “logistical nightmare” REvil is now facing with thousands of potential victims to negotiate with, researcher Allan Liska at cybersecurity firm Recorded Future said.
“We know there are thousands of victims here. REvil [has] limited resources to handle negotiations and process keys,” Liska said, calling this the biggest non-nation state supply chain attack ever, and possibly the second biggest ransomware attack ever.
The full impact won’t be felt until Tuesday when people are back at work, experts say.
“Not everyone will have seen the alerts or had the urgency to check their own network/systems,” said Bryce Webster-Jacobsen, the head of intelligence at cybersecurity company GroupSense.
Kaseya said it would release new information Monday morning, but has yet to do so. In Sunday night’s update it reported that the attack “has been localized to a very small number of on-premises customers only.”
However, each customer, namely IT service providers, can have hundreds or thousands of clients themselves who are affected.
Asked whether he saw any change in REvil since its attack on JBS Foods, Liska said they’re “just more arrogant. If that is possible.”