Hackers who claim to have taken control of a million systems in a “colossal” ransomware attack have demanded $70 million be paid in return for a “universal decryptor” that they say will unlock the files of all victims.
The REvil group claims its malware, which initially targeted US IT firm Kaseya, has hit one million “systems”.
The exact total of victims is unknown. However, it does include 500 Swedish Coop supermarkets and 11 schools in New Zealand. Two Dutch IT firms have also been hit, according to reports.
Huntress Labs said the hack targeted Florida-based IT company Kaseya before spreading through corporate networks that use its software. Huntress Labs said it believed the Russia-linked REvil ransomware gang was responsible.
Kaseya said in a statement on its own website that it was investigating the “potential attack”.
Kaseya said one of its applications that runs corporate servers, desktop computers and network devices might have been compromised. The company said it was urging customers that use its VSA tool to immediately shut down their servers.
Kaseya chief executive Fred Voccola told the Associated Press that the number of victims would probably be in the low thousands, made up of small organisations such as dental practices and libraries.
Kaseya’s website says it has a presence in over 10 countries and has more than 10,000 customers.
REvil – also known as Sodinokibi – is one of the most prolific and profitable cyber-criminal groups in the world.
The gang was blamed by the FBI for a hack in May that paralysed operations at JBS, the world’s largest meat supplier.
The group sometimes threatens to post stolen documents on its website, known as the “Happy Blog”, when victims don’t comply with its demands.
REvil was also linked to a coordinated attack on nearly two dozen local governments in Texas in 2019.