The most dangerous hacking group encrypts over a million computers in 17 countries and hacks more than 1000 companies

The operators of the REvil ransomware, one of the most dangerous hacking groups in the world, have launched a massive new operation. This time the victim is the software development firm Kaseya, which suffered a severe infection and now faces a ransom of up to $70 million.

This weekend, the cybersecurity community issued an alert warning that this hacking group is exploiting CVE-2021-30116, a zero-day vulnerability in Kaseya's VSA software. The most recent report on this threat states that the ransomware operators have compromised at least a thousand companies around the world, with infections reaching countries such as Argentina, Canada, Kenya, Mexico, South Africa, the United Kingdom and New Zealand.

Researchers believe the attack reached this scale because Kaseya provides remote access to hundreds of companies around the world, which allowed the threat actors to mount an ambitious mass-infection campaign against the firm's clients.

As mentioned at the beginning, the ransomware operators demanded around 70 million dollars in cryptocurrency. The ransom note sent by the hackers states: “We infected over a million devices over the weekend. If someone wants to trade to acquire a decryption tool, our demand is for $70 million USD, which must be paid in Bitcoin; this tool would allow you to reset the affected devices in less than an hour.” The same message was also posted on the REvil operators' dark web site.

The real scope of this incident is not yet known, although the Cybersecurity and Infrastructure Security Agency (CISA) recommended that Kaseya's customers use the detection tool the company developed for this security incident, which may help in investigating this massive hacking campaign. Investigators also expect follow-on incidents to be identified, so they urge organizations to gather as much information as possible about this incident.
