OODA Loop – REvil Group Demands $70 Million for ‘Universal Decryptor’

REvil, the group behind the damaging supply chain ransomware attack on US software company Kaseya, has reportedly demanded $70 million in return for a universal decryption key. Researchers claim that there could be as many as 1,500 companies impacted globally. It is unclear which ransomware affiliate was used to compromise Kaseya’s VSA IT software; however, researchers believe that the REvil strain was used in the attack.

According to the BBC, the group requested that the ransom demand be paid using Bitcoin, rather than Monero. Cybercriminals typically utilize Monero as it is more difficult to trace than Bitcoin. Many of the companies impacted by the attack were managed service providers and their customers. Victims include eleven schools in New Zealand, 500 Coop supermarkets in Sweden, and two Dutch IT firms. Yesterday, a Kaspersky report claimed that as many as 5,000 attack attempts had been conducted in just 22 countries since July 2. The FBI and CISA recently released guidance for affected MSPs and their customers on how to mitigate the risks of the attack.