Black hat hackers hit white hats with ransomware, demand $70M Bitcoin

The ransomware attack on Kaseya has been credited to Russia-based black hats REvil, the group responsible for striking meat giant JBS in May.

Netherlands-based white hat hackers were hours away from fixing a massive flaw in Kaseya’s systems when black hats struck back with ransomware, demanding $70 million in Bitcoin.

According to NL Times, the Dutch Institute for Vulnerability Disclosure (DIVD) discovered a potentially serious bug in Miami-based software provider Kaseya’s system while working with one of the company’s clients.

DIVD experts were working on a patch with the firm’s technical brains within days of spotting the issue — which allowed attackers to access Kaseya-based systems without logging in.

Unfortunately, they weren’t quick enough. Late last week, Kaseya’s clients received messages from the black hats that read: “On Friday (02.07.2021) we launched an attack on [Managed Service Providers].”

“More than a million systems were affected. If anyone wants to negotiate about universal decryptor [sic] — our price is [$70 million] in BTC.”

Ransom note screenshot courtesy of Dave Maasland.

Black hats REvil to blame

The attack on Kaseya has been credited to notorious Russia-based hacker collective REvil. The group was responsible for May’s attack on Brazilian meat giant JBS.

  • REvil collected $11 million in Bitcoin from JBS as a result of that attack.
  • The group also struck Taiwan-based laptop maker and Apple contractor Quanta in April.
  • REvil had threatened to release plans for two new Apple laptops (Quanta didn’t pay up).

In Kaseya’s case, the black hats could now potentially target up to a thousand of its customers (provided they were running the software and were online).

Speaking about the sheer scale of the Kaseya breach, Peter Oelen, director of Dutch service provider Xantion, said (via NL Times):

“While you’re normally talking about one bullet to one company, here you see an atomic bomb that could potentially destroy thousands of companies in one swoop.”

According to Bloomberg, Swedish grocery stalwart Coop couldn’t open most of its 800 stores on Saturday as the ransomware had taken control of its payment terminals.

The Netherlands unprepared for widespread ransomware

Cybersecurity experts in the Netherlands (home to about 100 affected companies) say the incident is “a wake-up call.”

In response, they’ve reportedly called on the Dutch government to implement a cohesive plan for tackling ransomware issues.

The New York Times’ Nicole Perlroth noted that researchers have found many of the software products meant to keep networks ‘safe’ are structurally weak.


A recent report from the Scientific Council for Government Policy (WRR), an advisory body to the Dutch government, claimed the country was woefully underprepared for a cyberattack on this scale.


© 2021 Protos