$70 million: The Russian hacker who extorted Apple has a new move

Russian hackers “doing big tickets” in the U.S.

[Guide] A frightening hacker organization has made a new move. Recently, it launched an ultra-large-scale cyber attack. One million systems were infected, hundreds of American companies were paralyzed, and the hackers demanded $70 million. Biden said he has ordered the FBI to investigate.

According to news reports yesterday, the United States has ordered an investigation into a ransomware campaign. The hackers behind the campaign have extorted more than $100 million and paralyzed hundreds of companies in just a few months.

Their name is: REvil.

The companies they have attacked include Apple and Acer, as well as JBS, the world’s largest meat processing company. Among them, JBS obediently paid them $11 million in Bitcoin.

Their hallmark is that, whoever they break into, they publish the stolen files on a website called Happy Blog.

On Sunday, REvil made another big demand: it posted on its website that a single universal decryption key could decrypt all the affected machines, and asked for $70 million in exchange for it.

Last Friday (02.07.2021) we launched an attack on the MSP supplier. More than 1 million systems were infected. If someone wants to negotiate a universal decryptor – our price is $70 million (BTC), we will publicly release the decryptor to decrypt all victims’ files, so everyone will be able to recover from the attack in less than an hour. If you are interested in such a transaction, please contact us according to the victim’s “readme” file instructions.

This attack appears to be the largest ever launched by REvil. The attack has caused as many as 40,000 computers worldwide to be infected.

How did this happen?

The “ransom” is as high as 70 million U.S. dollars, and the 0-day vulnerability has become the target of global hacker attacks

The attack last week centered on Kaseya’s VSA software. VSA is used to monitor and manage IT infrastructure, and Kaseya provides it either as a hosted cloud service or through an on-premises VSA server.

The REvil ransomware group demanded a ransom of $70 million, saying that after receiving the money it would release a universal decryptor.

Kaseya’s VSA software allows managed service providers to remotely monitor their customers’ IT networks.

A guest user said that the VSA software contains a large number of 0-day vulnerabilities, and that these vulnerabilities were used as channels for deploying the ransomware.

They then use ransomware to lock down the data, with the attacker able to connect to the host over HTTP and manually inject malware.

“More than 70 management service providers were affected, resulting in more than 350 organizations being further affected.”

These include Coop, a supermarket chain in Sweden. The company has temporarily closed its approximately 800 stores across the country because the attack affected its cash registers.

Due to the attack, the Swedish supermarket chain Coop had to temporarily close its 800 stores

Having used Kaseya’s vulnerabilities as its way in, the REvil group did not forget to brag about its successful attack on MSP vendors, sharing the news that more than one million systems were infected.

Attack draws Biden’s attention; the FBI investigates and advises victims not to pay

Such a large-scale attack drew attention, and Biden said that he would investigate the incident. The FBI hopes that everyone who has been compromised will report to the authorities.

However, for such incidents, the FBI has discouraged victims from paying.

This is because, according to a report this year, 92% of paying organizations are unable to recover all of their data; most victims who paid can only partially recover the contents of their encrypted files.

Threatened to leak MacBook schematics and demanded $50 million!

With its “rich track record”, REvil is one of the ten most dangerous cybercriminal organizations in the world.

Before this, REvil’s best-known extortion incident was the theft of Apple product manufacturing secrets in April this year.

At that time, REvil issued a statement saying that it had hacked Quanta, the manufacturer of MacBooks and other products, and demanded a ransom of US$50 million, threatening otherwise to release sensitive internal documents.

After Quanta Computer refused to pay the ransom, the hacker organization began publishing the stolen images during Apple’s spring release event on April 20, US time, and went on to blackmail Apple.

Apple is one of the largest companies in the world, and REvil’s ability to get in indirectly demonstrates the strength of this criminal gang.

A cyber security company that specializes in negotiating with criminal hackers said that in the past 90 days alone, it has handled 32 REvil cases.

Hackers hacked Apple suppliers and demanded a ransom of 50 million dollars

However, in the past REvil mainly attacked the professional services sector, not the technology sector. So this attack on Apple, with its $50 million demand, is very different from what the group did before.

Negotiation experts said that the average ransom demand in the past was also much lower, at only nearly $728,000. After negotiation, the actual average ransom paid was even lower than this.

The cybersecurity company said that, according to rough estimates, the group has taken in a total of US$100 million so far. However, this group is also more “negotiable.”

Russian hackers focus on targeting the United States

In addition to extorting money, Russian hackers are “enthusiastic” about going after the United States.

Two months ago, another hacker group named DarkSide hacked into Colonial Pipeline, the largest fuel pipeline operator in the United States.

At that time, nearly 100GB of data was hijacked, and the data could only be retrieved if a ransom was paid.

This directly forced the closure of key fuel networks that supply fuel to the eastern coastal states of the United States. Not only that, but U.S. fuel prices also soared and hit new highs.

The dramatic thing is that after extorting the money, these people actually donated it to a charity organization.

Posted by:CoinYuppie,Reprinted with attribution to:https://coinyuppie.com/70-million-the-russian-hacker-who-extorted-apple-has-a-new-move/