By Kevin Collier - NBC News
The hacking group allegedly behind the wave of cyberattacks over the July 4 weekend says it has locked more than a million devices and is demanding $70 million in bitcoin to release them.
REvil, a criminal group with Russian connections, is known to have hacked the American company JBS, one of the largest meat suppliers in the world, at the beginning of last month, interrupting its operations in much of North America for a few hours.
But the potential scope of this new attack is unprecedented, according to some cybersecurity experts.
REvil began its attack on Friday by compromising the operation of Kaseya, a software company that helps companies manage updates to their computer programs.
Since many of its clients are companies that run Internet services for other companies, the number of victims grew rapidly.
Instead of blocking the systems of a single organization, as is often done in data hijacking (ransomware) cyberattacks, this time REvil blocked hundreds of computers and servers through an action that spread automatically across the network of Kaseya's clients.
The president, Joe Biden, indicated this Sunday that he has "allocated all the resources" of the federal government to investigate this attack.
The Swedish supermarket chain Coop is so far the biggest known victim of the cyber attack, which forced it to close most of its nearly 800 stores on Saturday.
Their cash registers are monitored online by Visma Esscom, a Kaseya customer, and have thus been blocked and rendered useless.
It is still unknown how many operating systems have been affected, although it is expected to be a considerable number.
The cybersecurity company Huntress, which is helping Kaseya manage this crisis, is aware that more than 1,000 companies are currently inoperative.
Experts have not been able to confirm that more than a million devices have been compromised, as stated by REvil, given that few victims speak publicly, but it is a plausible figure, according to Mikko Hypponen, a researcher at the cybersecurity company F-Secure.
"Think of a chain of stores," Hypponen explained, "each checkout system is an endpoint. Each computer. Everyone in sales has a system, multiple servers. [In] 200 stores, [or] 300 stores, they alone would have thousands of endpoints. And if 1,000 companies like Coop were infected, yes, there would be a million endpoints" affected.
Regardless of the actual number of those affected, it is very difficult to imagine them jointly paying the $70 million ransom demanded, said Allan Liska, an analyst at the cybersecurity company Recorded Future.
"Despite the swagger of their note, I actually think it's a sign that they're overwhelmed," Liska said.
If each victim paid $45 million, as the criminals initially demanded, it would be a benefit of $45 billion, Liska noted.
"Thus, they are reducing [the ransom] to 70 million dollars," he said.