Cyber criminals reportedly demanded $70 million in Bitcoin in exchange for data stolen during last week’s attack on Miami-based technology company Kaseya, which halted the operations of firms around the world, including hundreds of Sweden’s Coop supermarkets.
The ransom demand was posted on a blog used by the REvil, a Russia-linked cyber criminal group, on the dark web.
"More than a million systems were infected," the REvil group claimed, according to technology portal ZDNet.
“If anyone wants to negotiate about universal decryptor our price is $70,000,000 in BTC and we will publish publicly [a] decryptor that decrypts files of all victims, so everyone will be able to recover from [the] attack in less than one hour.”
Kaseya chief executive Fred Voccola confirmed that the company detected compromise attempts and immediately shut down its SaaS (software as a service) servers as a precautionary measure.
"[We] immediately notified our customers via email, in-product notices and phone to shut down their servers to prevent them from being compromised," Mr Voccola said in a statement.
“We notified law enforcement and government cyber security agencies, including the FBI and CISA. While our early indicators suggested that only a very small number of on-premises customers were affected, we took a conservative approach in shutting down the SaaS servers to ensure we protected our more than 36,000 customers to the best of our ability," he added.
Victims are already getting individual ransom demands ranging from $44,999 to $5 million.
“The Kaseya ransomware attack clearly demonstrates that, without the right data protection, everyone is at risk of ransomware,” Peter Grimmond, international head of technology at data management company Veritas Technologies, said.
“The end-user companies caught in the crossfire of this attack are largely there by misfortune but this can be just as profitable for the hackers. Thousands of $45,000 payments quickly add up to huge hauls for the hackers.”
If hackers can get victims to “band together to make a single $70m payment”, they will “pocket a massive sum of money” in one go, Mr Grimmond said.
In a statement last week, the US Cybersecurity and Infrastructure Security Agency said it was “taking action to understand and address the recent supply chain ransomware attack” against Kaseya.
The FBI said it is contacting the victims.
President Joe Biden said on Saturday he has directed US intelligence agencies to investigate who was behind the sophisticated ransomware attack.
The cyber security market is forecast to be worth $363.05 billion in 2025, almost 125 per cent more than the amount spent in 2019, according to Mordor Intelligence, a research consultancy. The market is projected to grow at an annual rate of 14.5 per cent over the next four years.