Hacker Group Behind Weekend Cyberattack Demands $70 Million

Grocery store chain Swedish Coop took the brunt. It closed over 800 stores after the cash registers went offline.

The hacker group believed to be behind the massive cyberattack over the weekend has demanded $70 million in Bitcoin in exchange for a universal decryptor that would unlock every affected system:

The demand was posted on a blog typically used by the REvil cybercrime gang, a Russia-linked group that is counted among the cybercriminal world’s most prolific extortionists.

The gang has an affiliate structure, occasionally making it difficult to determine who speaks on the hackers’ behalf, but Allan Liska of cybersecurity firm Recorded Future said the message “almost certainly” came from REvil’s core leadership.

The group has not responded to an attempt by Reuters to reach it for comment.

REvil’s ransomware attack, which the group executed on Friday, was among the most dramatic in a series of increasingly attention-grabbing hacks.

REvil was also behind the JBS hack earlier this year, which shut down most of JBS's meatpacking plants in North America.

This attack targeted Kaseya, an information technology firm based in Miami, FL. Kaseya's remote management software is used by managed service providers to administer their customers' machines, so compromising that one vendor gave the attackers a path to every downstream endpoint:

REvil began its spree Friday by compromising Kaseya, a software company that helps companies manage basic software updates. Since many of Kaseya’s customers are companies that manage internet services for other businesses, the number of victims grew quickly. Instead of locking an individual organization, as ransomware gangs usually do, REvil this time locked each victim computer as a standalone target, and initially asked $45,000 to unlock each specific one.

President Joe Biden has “directed the full resources” of the government toward investigating the problem, he told reporters Sunday.

Grocery store chain Swedish Coop took the brunt of the attack. It had to close most of its stores because the cash registers could not get online. The registers are managed remotely by Visma EssCom, which is a Kaseya customer.

REvil claims it compromised more than a million devices in this spree. Nobody can verify that number, but it is plausible:

REvil’s claim that they have compromised more than a million devices in this spree is impossible to prove, given how few victims are speaking publicly and the fact that no government or company has a database of everyone who was hit. But that number is plausible, said Mikko Hypponen, a researcher at the cybersecurity company F-Secure, given that this strain of ransomware infects each device individually.

“Think about a retail chain, like grocery retail,” Hypponen said. “Every single cashier system is an endpoint. Every laptop. Everybody in the sales has a system, multiple servers. 200 stores, 300 stores, they alone would have thousands of endpoints. And if a thousand Coop-like companies were infected, yes, you would have a million endpoints.”


Time to start deploying special forces to eliminate these scumbags. This is economic terrorism.

    It will continue to happen. The Biden-Cackles Administration is a joke to the world.

    mark311 in reply to Paul. | July 5, 2021 at 6:51 pm

    What, to Russia? I can see that going badly very quickly.

      Paul in reply to mark311. | July 5, 2021 at 7:39 pm

      You cool with Russia waging economic terrorism on us? It’s better than the biological warfare being waged on us by the Chicomms, but still it’s time for Biden* to grow a sack and do something about it.

        henrybowman in reply to Paul. | July 5, 2021 at 7:46 pm

        I don’t think we’re to the point yet where home-based terrorists in foreign havens can wage effective biowarfare across international borders. Cyber-warfare, on the other hand… we’re way past that point. People can do that from their mancaves. This isn’t something you’re going to fix with a strike team on a lab, you’re going to need a strike team for every single participant, in multiple cities… good luck.

          You don’t have to take out all of them. You just have to take out enough to make them each afraid they’ll be next.

          No violence is necessary. We only need to react in kind with super-cyber revenge.

          But this won’t happen in a Senile-Cackles administration. Even if Biden wasn’t senile, and Harris wasn’t a talentless bozo, nothing would be different: fascist regimes are allies of the American left, and we are the enemy.

Too bad they don’t do this to the Iranians.

I’m thinking paid with an AGM-65.

henrybowman | July 5, 2021 at 7:41 pm

“the cash registers could not get online. Visma EssCom controls the registers online, which is a Kaseya customer.”

Well, there’s a gilded example of how and why NOT to let a third party manage the day-to-day operation of your assets.

This is all software bugs. We need more intuitive programmers instead of 9-5 drudges.

Hacking is based on intuition. What kind of mistake are they likely to have made if it behaves like this when probed?

That “what mistake are they likely to have made” intuition is what you want in the original programmer, which they universally don’t have.

    thad_the_man in reply to rhhardin. | July 5, 2021 at 10:17 pm

    Partially true. There are other reasons.

    The 9-5 programmers you mention come from the “learn to code” mindset.

    Not all people are meant to be programmers, but they don’t tell you that.

    These hackers are probably under the sponsorship of either Iran, Russia, China or North Korea. In other words, they are operating on a scale nearly commensurate with Microsoft or Google.

    And don’t forget how many Americans in science and in politics are in the pockets of Red China. If the FBI wasn’t corrupted, they’d be going after these people wholesale. But then, the likes of Christopher Wray leads the FBI.

    GWB in reply to rhhardin. | July 6, 2021 at 9:23 am

    Intuition is not the answer. Coding securely IS.
    If you’re coding for pretty or usability first, then you build Versailles and try to secure all those glass walls after the fact. If you’re coding securely, you build Fort Knox and only put a door or window in when you absolutely need it.

    And none of Windows is the Fort Knox route.

      RobertD in reply to GWB. | July 6, 2021 at 1:28 pm

      I am pretty sure that when rhhardin says “intuition” he is indirectly talking about coding securely. He is saying that as a programmer you should think like a hacker and imagine the different actions that a hacker may take, like for example sending invalid parameters within the query component of a URL/URI to see how your web application reacts. I agree with him that this is all caused by software bugs and speaks to the lack of skill of the software teams involved.
      I want to add that in addition to lacking security-related intuition and skills, a very large percentage of programmers these days get fixated on non-measurable, non-tangible things like architecture, design, code aesthetics and other artsy opinion-based concepts, while making tangible, measurable things like performance, security, and lack of bugs a much lower priority.
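Below is an added example (not code from the original post or from any commenter) of the kind of probing RobertD describes: a hypothetical query-string handler written "usability first" beside a validated version of the same feature, and a small set of malformed query strings sent at both to see how each reacts. The catalogue, handler names, status codes and probe strings are all constructed for illustration and are not taken from any real system.

```python
# Added example: probe a query-string handler the way an attacker would.
# Everything here (catalogue, handlers, probes) is constructed for illustration.
from __future__ import annotations

from urllib.parse import parse_qs

# Constructed stand-in for a database lookup (assumption, not a real schema).
CATALOGUE = {1: "apples", 2: "bread", 3: "milk"}
MAX_PAGE = 100


def naive_handler(query: str) -> tuple[int, str]:
    """Hypothetical handler written 'usability first': it assumes the
    client always sends exactly one well-formed id and page value."""
    params = parse_qs(query, keep_blank_values=True)
    item_id = int(params["id"][0])            # KeyError if missing, ValueError if not numeric
    page = int(params.get("page", ["1"])[0])  # silently accepts negative or huge pages
    name = CATALOGUE[item_id]                 # KeyError for unknown ids
    return 200, f"{name}, page {page}"


def hardened_handler(query: str) -> tuple[int, str]:
    """Same feature, 'Fort Knox' style: every parameter is validated
    before use, and anything unexpected gets a 4xx answer, never a crash."""
    params = parse_qs(query, keep_blank_values=True)

    ids = params.get("id", [])
    if len(ids) != 1 or not ids[0].isdecimal():
        return 400, "id must be a single non-negative integer"
    item_id = int(ids[0])
    if item_id not in CATALOGUE:
        return 404, "unknown item"

    pages = params.get("page", ["1"])
    if len(pages) != 1 or not pages[0].isdecimal():
        return 400, "page must be a single non-negative integer"
    page = int(pages[0])
    if not 1 <= page <= MAX_PAGE:
        return 400, f"page must be between 1 and {MAX_PAGE}"

    return 200, f"{CATALOGUE[item_id]}, page {page}"


# Constructed probe set: query strings a tester sends to see how the
# handler behaves when the input is not what the programmer expected.
PROBES = [
    "id=1",                          # the happy path
    "",                              # no parameters at all
    "id=",                           # present but empty
    "id=abc",                        # non-numeric
    "id=1&id=2",                     # duplicated parameter: which one wins?
    "id=-1",                         # negative
    "id=999999",                     # syntactically fine, semantically unknown
    "id=1&page=-5",                  # negative page
    "id=1&page=" + "9" * 40,         # absurdly large page
    "id=%00",                        # percent-encoded NUL byte
    "id=1&page=1%27%20OR%201%3D1",   # injection-shaped payload
]


def probe(handler, probes=PROBES) -> dict[str, str]:
    """Run every probe through the handler and record the outcome:
    the status it returned, or the exception type if it crashed."""
    results = {}
    for q in probes:
        try:
            status, _ = handler(q)
            results[q] = str(status)
        except Exception as exc:  # in production this is a 500 and a log entry
            results[q] = f"crash:{type(exc).__name__}"
    return results


def crashes(handler, probes=PROBES) -> list[str]:
    """Probes that made the handler raise instead of answering."""
    return [q for q, r in probe(handler, probes).items() if r.startswith("crash:")]


if __name__ == "__main__":
    for name, h in (("naive", naive_handler), ("hardened", hardened_handler)):
        print(f"--- {name} handler ---")
        for q, r in probe(h).items():
            print(f"{q!r:38} -> {r}")
```

Run as a script it prints one line per probe for each handler; the naive version crashes on seven of the eleven probes and happily serves a negative page number, while the hardened version answers every probe with a 200, 400 or 404 and never raises. The point is not the specific checks but the habit: enumerate the inputs the code was not written for, and send them before someone else does.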

healthguyfsu | July 5, 2021 at 11:52 pm

Hmmm…let’s check Biden’s list. Nope not on there….free and clear for Russia to hack away!

CNN chyron will read Biden ‘line in sand’ list works as attacks are directed at lesser targets

    Brave Sir Robbin in reply to healthguyfsu. | July 6, 2021 at 12:08 am

    Yes those Republicans – I mean white supremacists, they are the threat. Let’s root them out. Solitary confinement until they see the light and repent their evil ways.

    The foolishness of this administration is breathtaking.

This is an act of war.

I hear the ransom has been reduced to $50 million.
Someone wondered if this was because someone was offering $50+ million to the Russian mafia to hit these guys.

Meganinvegas | July 6, 2021 at 11:41 am

Biden better schedule a “conference call” with Vladimir and give him a revised list of companies that are not allowed to be hacked.

The hackers need to be “Taken”! I will LOOK for you, I will FIND you, and I will, well, you know the rest!
Seriously though, I’d like to see IMPOTUS joe and harris’s list to see IF this latest attack was on a “forBIDEN” fruit or if the list was a PRICE LIST with the % going to the BIG GUY!!