Hackers who claim to be behind a mass ransomware attack that has affected hundreds of companies have demanded $70m in Bitcoin to restore the data.
The attack was executed on Friday and has affected at least 200 companies in the United States.
On Sunday, a ransom demand was posted on a blog typically used by the REvil gang, a major Russian-speaking ransomware syndicate.
The group said: “We launched an attack on MSP providers. More than a million systems were infected. If anyone wants to negotiate about universal decryptor – our price is 70 000 000$ in BTC and we will publish publicly decryptor.”
The group has an affiliate structure, making it difficult to determine who speaks on the hackers’ behalf, but Allan Liska from cybersecurity firm Recorded Future said the message “almost certainly” came from REvil’s core leadership.
The ransomware attack was among the most dramatic in a series of increasingly attention-grabbing hacks.
The gang broke into Kaseya, a Miami-based information technology firm, and used their access to breach some of its clients’ clients, setting off a chain reaction that quickly paralyzed the computers of hundreds of firms worldwide.
Cybersecurity experts blamed REvil for the attack but the statement posted on Sunday was the group’s first public acknowledgement that it was behind it.
Looks like #REvil is asking for $70 million in $BTC to release the Kaseya decryptor publicly. pic.twitter.com/0m7YhCclqb
Mr Liska said he believed the hackers had bitten off more than they could chew.
“For all of their big talk on their blog, I think this got way out of hand and is a lot bigger than they expected,” he said.
US President Joe Biden said on Saturday that his government is not sure who was behind the attack but he did not rule out Russian involvement.
Experts believe the attack was deliberately timed to coincide with the 4 July holiday weekend, when fewer IT staff are traditionally on duty.
Such cyber attacks typically infiltrate widely used software and spread malware as it updates automatically.
It is not yet clear how many Kaseya customers might be affected or who they might be but the company has hired cybersecurity company FireEye to help deal with the fallout.