Just Being Humble, The REvil Hacking Gang At The Moment Of 4 July Asks For A Ransom Of IDR 1 Trillion

The REvil gang connected to the Russian side is suspected of being involved in the ransomware. (photo: unsplash)

JAKARTA - The hacker group responsible for international crimes that occurred over the Fourth of July holiday weekend, said it had locked more than one million individual devices worldwide. They are also demanding $70 million in bitcoins to free all of their digital hostages.

The gang, the Russian-linked REvil, notorious for having previously hacked JBS (the world's largest meat supplier), have temporarily suspended operations across most of the North American continent.

REvil Friday, July 2 started attacking Kaseya, a software company that helps companies manage basic software updates. The reason is that many of Kaseya's customers are companies that manage internet services for other businesses. Furthermore, the number of victims grew rapidly. According to cybersecurity experts the scope of this potential attack is unprecedented.

Instead of locking down individual organizations, as ransomware gangs usually do, REvil locked each victim's computer as a standalone target and initially asked for $45,000 to unlock each one.

President Joe Biden told reporters Sunday, July 4 that he had "deployed the full resources" of the government into investigating the matter.

Swedish grocery store Coop is the biggest known casualty to date. They were forced to close most of their roughly 800 stores throughout Saturday 3 July. The register is controlled online by Visma Esscom, a Kaseya customer, which is locked and unusable.

Until now how many systems have been infected is not known. However, the number is estimated to be very large. Cybersecurity firm Huntress, which assisted with Kaseya's response, said it was aware of more than 1,000 affected businesses.

However REvil's claim that they have attacked more than one million devices has not yet been proven. The reason is only a few victims who speak in public. Even governments or companies don't have databases of everyone affected.

But according to Mikko Hypponen, a researcher at cybersecurity firm F-Secure, the so-called hacker gang makes sense, given that this type of ransomware can infect each device individually.

"Think about a retail chain, like wholesale retail. Every checkout system is an endpoint. Every laptop. Everyone in sales has a system, lots of servers. Two hundred stores, 300 stores, they alone will have thousands of endpoints. And if a thousand companies like infected Coop, yes, you'd have a million endpoints," Hypponen said.

According to Allan Liska, an analyst at cybersecurity firm Recorded Future., regardless of the actual number of victims, it's hard to imagine if the victims all agreed to pay $70 million.

"Even though there was a braggadocio in their records, I actually thought it was a sign that they were overwhelmed. One million victims paying 45,000 each would make $45 billion," Liska said. "They're just being humble when they're only asking for $70 million."