Ransomware Hackers Demand $70 Million In Bitcoin, Claim Massive U.S. Attack As Biden Investigates Possible Russian Involvement

Topline

A group of Russian-speaking hackers have claimed responsibility for a massive ransomware attack over the holiday weekend that hit 200 U.S. firms and hundreds more worldwide, with the group demanding $70 million in bitcoin to restore the companies’ data in the latest debilitating cyberattack to hit the U.S. this year. 

Key Facts

The ransom was posted on Sunday on a blog ordinarily used by REvil, a major Russian-speaking ransomware group that recently extorted $11 million from the world’s largest meat processor, JBS, after wiping out one-fifth of U.S. beef production.

The group claimed responsibility for a ransomware attack—whereby hackers encrypt a user’s data and demand money for the key needed to decrypt it—executed Friday, which it says has affected more than 1 million computer systems. 

The hack has affected at least 200 U.S. companies and shuttered hundreds of Swedish supermarkets over the weekend after the hackers breached Kaseya, a Miami-based IT firm, and used that access to break into its clients’ systems. 

President Joe Biden, facing growing pressure to deal with escalating cyberattacks, directed intelligence agencies to investigate the attack on Saturday. 

Biden said officials are “not certain” who is responsible and are “not sure” whether the Russian government is involved or not.

In their first face-to-face meeting in June, Biden warned Russian President Vladimir Putin against attacking U.S. infrastructure and vowed to retaliate against any future hacks.

Key Background

The U.S. has been subject to a string of severe cyberattacks in recent years, many pinned on groups believed to be based in Russia or to have ties to its government. The FBI blamed REvil, the group claiming responsibility for this latest attack, for an attack wiping out 20% of the country’s beef-producing capacity. DarkSide, another hacker collective believed to have Russian links, attacked Colonial Pipeline in May, prompting gas shortages as the key East Coast pipeline went offline for several days. The government was able to recover the majority—$2.3 million of $4.4 million—of the ransom paid for the hack. A severe security breach in SolarWinds Orion, an IT management platform, left government agencies, tech companies and cybersecurity companies vulnerable to Russian hackers earlier this year.

What To Watch For

Paying hackers’ ransom demands is controversial. It can sometimes be the fastest and most cost-effective way to recover your data, but many officials, including the FBI, have long maintained that it encourages more crime and that not all those paying a ransom actually receive a key to decrypt their data.
