WASHINGTON — Hackers suspected to be behind a mass extortion
attack that affected hundreds of companies worldwide late on Sunday demanded
$70 million to restore the data they are holding ransom, according to a posting
on a dark web site.
اضافة اعلان
The demand was posted on a blog typically used by the REvil
cybercrime gang, a Russia-linked group that is counted among the cybercriminal
world's most prolific extortionists.
The gang has an affiliate structure, occasionally making it
difficult to determine who speaks on the hackers' behalf, but Allan Liska of
cybersecurity firm Recorded Future said the message "almost
certainly" came from REvil's core leadership.
The group has not responded to an attempt by Reuters to
reach it for comment.
REvil's ransomware attack, which the group executed on
Friday, was among the most dramatic in a series of increasingly
attention-grabbing hacks.
The gang broke into Kaseya, a Miami-based information
technology firm, and used their access to breach some of its clients, setting
off a chain reaction that quickly paralyzed the computers of hundreds of firms
worldwide.
An executive at Kaseya said the company was aware of the
ransom demand but did not immediately return further messages seeking comment.
About a dozen different countries were affected, according
to
research published
by cybersecurity firm ESET.
In at least one case, the disruption spilled out into the
public domain when Swedish Coop grocery store chain had to close hundreds of
stores on Saturday because its cash registers had been knocked offline as a
consequence of the attack.
Earlier on Sunday, the White House said it was reaching out
to victims of the outbreak "to provide assistance based upon an assessment
of national risk."
The impact of the intrusion is still coming into focus.
Those hit included schools, small public-sector bodies,
travel and leisure organizations, credit unions and accountants, said Ross
McKerchar, chief information security officer at Sophos Group Plc.
McKerchar's
company was one of several that had blamed REvil for the attack, but Sunday's statement was the group's first public acknowledgement
that it was behind the campaign.
Ransom-seeking hackers have tended to favor more focused
shakedowns against single, high-value targets like Brazilian meatpacker JBS,
whose production was disrupted last month when REvil attacked its systems.
JBS said it ended up paying the hackers $11 million.
Liska said he believed the hackers had bitten off more than
they could chew by scrambling the data of hundreds of companies at a time and
that the $70 million demand was an effort to make the best of an awkward
situation.
"For all of their big talk on their blog, I think this
got way out of hand," he said.