A group of Russian-speaking hackers claimed responsibility for a massive ransomware attack over the holiday weekend that affected 200 U.S. companies and hundreds more around the world. The group demanded $70 million in bitcoin to restore company data, in the latest debilitating cyberattack in the United States this year.
The ransom demand was posted Sunday on a blog commonly used by REvil, a major Russian-speaking ransomware group that recently extorted $11 million from the world’s largest meat processor, JBS, after taking down a fifth of U.S. meat production.
The group claimed responsibility for the ransomware attack carried out on Friday, which it says has affected more than 1 million computer systems. In a ransomware attack, hackers encrypt a user’s data and demand money for the key needed to decrypt it.
The attack hit at least 200 U.S. businesses and shut down hundreds of Swedish supermarkets over the weekend after hackers breached Kaseya, a Miami-based IT company, and used that access to break into its customers’ systems.
President Joe Biden, who is facing mounting pressure to deal with escalating cyberattacks, ordered intelligence agencies to investigate the attack Saturday.
Biden said officials are “not sure” who is responsible and “unsure” whether the Russian government is involved or not.
In their first face-to-face meeting in June, Biden warned Russian President Vladimir Putin against attacks on U.S. infrastructure and promised to retaliate against any future attacks.
The United States has been the target of a series of serious cyberattacks in recent years, many of them linked to groups believed to be based in Russia or to have ties to its government. The FBI blamed REvil, the group that claimed responsibility for the latest attack, for an attack that wiped out 20% of the country’s beef production capacity.
DarkSide, another hacker collective believed to have ties to Russia, attacked Colonial Pipeline in May, causing a gas shortage when the key East Coast pipeline was disconnected for several days. The government was able to recover most ($2.3 million out of $4.4 million) of the ransom paid for the attack. A serious security breach at SolarWinds Orion, an IT management platform, left government agencies, tech companies and cybersecurity companies vulnerable to Russian hackers earlier this year.
WHAT TO WATCH
Paying the hackers’ ransom demands is controversial. Sometimes it can be the fastest and most cost-effective way to recover data, but many officials, including the FBI, have long argued that it encourages more crime and that not everyone who pays a ransom receives a key to decrypt their data.