In a post on Happy Blog, a dark web site usually linked with the notorious Russia-based REvil cybercrime gang, the hackers claimed responsibility for the attack on Kaseya and posted their ransom demand. They also said that upon receiving the $70 million in Bitcoin, they might post a decryption tool online with which “everyone are going to be ready to get over attack in but an hour”, news agency AFP reported, citing the blog. HT has not independently verified the blog post.
Allan Liska of the cybersecurity firm said that the message “almost certainly” came from the core leadership of REvil because the affiliate structure of the gang sometimes makes it difficult to tell who is communicating on the hackers’ behalf, according to a Reuters report.
The hackers breached the network of Kaseya, a Miami-based information technology (IT) service provider, and used that access to reach a number of its clients’ clients. This was used to kick off a chain reaction that then crippled many computers at many firms worldwide.
A company executive also said that they were aware of the ransom demand, without commenting further, Reuters reported without naming the executive.
Following the breach, Kaseya said on Sunday that the damage had been restricted to “a very small number of customers” using its VSA software, which manages a network of computers and other resources such as printers from a single point. It also said that its servers were shut down immediately on detecting the breach on Friday, and it warned customers using VSA to do the same “to prevent them from being compromised”, according to news agency AFP. The company also released a tool to detect whether customers’ computers have been compromised.
More than 10 countries have been affected by the attack, according to a report by security researchers at ESET, an online security company.
While much of the impact is yet to be uncovered, Swedish supermarket chain Coop was one of the high-profile customers affected, as a “majority” of its 800 stores were still closed three days after the attack, AFP reported. Kevin Bell, spokesperson for Coop, said that things were looking “positive compared to a couple of days ago” and that the hack had paralysed the cash registers at the outlets. He added that alternative payment methods were largely being used in the stores that had reopened after the attack.