
The REvil ransomware gang has taken credit for the Kaseya attack that has affected more than 1,000 companies worldwide and prompted an investigation by U.S. intelligence agencies. The criminals are asking for a $70 million ransom in bitcoin to publish a public universal decryptor that can unlock all affected computer systems.
As reported by the Record, REvil posted a message accepting responsibility for the attack on its dark web blog. The ransomware gang, which had been suspected of being the culprit before it went public, also shed further light on the purported scale of the attack, claiming that more than a million systems had been infected. Kaseya reported the attack last Friday.
REvil, also known as Sodinokibi, is a notorious cybercriminal gang that has used ransomware to go after big-name companies, including Apple and Acer. Most recently, it targeted JBS, the world’s largest meat processing company, which paid it $11 million in bitcoin to mitigate fallout from the attack and protect its data.
“On Friday (02.07.2021) we launched an attack on MSP providers. More than a million systems were infected,” the REvil gang said, according to the Record. “If anyone wants to negotiate about universal decryptor–our price is 70 000 000$ in BTC and we will publish publicly decryptor that decrypts files of all victims, so everyone will be able to recover from attack in less than an hour. If you are interested in such deal–contact us using victims ‘readme’ file instructions.”
Dana Liedholm, a Kaseya spokesperson, told Gizmodo on Monday that the FBI and other independent groups have stated with confidence that REvil had carried out the attack and that the company was trusting these experts.
“Regarding ransom we are not commenting on this as it’s a criminal investigation and we can’t at this time,” Liedholm stated.
The Kaseya attack is what’s known as a software supply chain ransomware attack, in which a cyber threat actor infiltrates a software vendor’s network and uses malicious code to compromise the software before the vendor sends it out to its customers. The compromised software then affects the customers’ data or systems. The hackers that targeted SolarWinds’ software used this type of attack to infiltrate major U.S. federal agencies and companies.
Kaseya, meanwhile, sells its products to managed service providers, or MSPs, which are companies that provide remote IT services to hundreds of smaller businesses that don’t have the resources to take on those functions themselves. MSPs use Kaseya’s VSA cloud platform to manage and send software updates to these businesses as well as resolve other issues.
In Kaseya’s case, initial reports state that REvil gained access to the company’s backend infrastructure and used it to send an update with malware to VSA servers running on client premises. The malicious update then installed the ransomware from the VSA server on all connected computers, the Record states. This, in turn, spread the ransomware to other companies that were connected to the VSA systems. Nonetheless, specifics on the attack are still uncertain, and information is evolving constantly.
In its Monday update at 1 p.m. ET about the situation, Kaseya said that all on-premises VSA servers should continue to remain offline until customers receive instructions from Kaseya about when it’s safe to restore operations. On Sunday, Kaseya CEO Fred Voccola said the company knew how the attack had occurred and that it was remediating it.
If Kaseya, or any of the other companies affected, pays REvil’s $70 million ransom, it would be the highest ransomware payment ever made.
https://gizmodo.com/revil-gang-takes-credit-for-massive-kaseya-attack-and-a-1847232663