REvil hackers breached thousands of companies and demanded a $70 million ransom in Bitcoin

More than a thousand companies were affected by a cyberattack on the American software developer Kaseya. The breach is believed to have been carried out by operators of the REvil ransomware, linked to Russia.

On July 2, Kaseya specialists рекомендовали their clients to disconnect the software due to a possible attack, which was later confirmed. The company said that the hackers’ actions affected a small group of its customers, but the scale of the attack grew as the investigation progressed.

According to Bloomberg, citing Huntress Labs analysts, the attackers targeted at least eight IT-support companies and could access the networks of thousands of their clients.

“This is one of the most wide-scale attacks by non-state actors we have ever seen. It appears to be aimed solely at money. It is hard to imagine a better way to spread malware than through trusted IT service providers,” said Andrew Howard, head of Kudelski Security.

Cybersecurity experts immediately suspected the REvil hacking group. Later Huntress Labs discovered on the hackers’ dark web site a demand for $70 million in Bitcoin to decrypt all victims’ files.

REvil (also known as Sodinokibi) is often linked to Russia because it does not attack Russian organisations or businesses in the former Soviet Union and frequently posts messages in Russian.

President Joe Biden said that he is not convinced that Russian authorities were involved in the Kaseya attack. He also said U.S. intelligence agencies are investigating the incident.

In March, $50 million in Monero, and in April the group attacked an Apple supplier.

In June, victim was the world’s largest meatpacker, JBS, which paid the hackers a ransom of $11 million in Bitcoin.

Follow ForkLog’s bitcoin news in our Telegram — cryptocurrency news, prices and analytics.