REvil, the leading hackers behind the mass extortion attack that affected several companies, on Sunday demanded $70 million to restore the data they are holding ransom, according to a posting on a dark web site.
REvil posted the demand on a blog. REvil executed the ransomware attack on Friday.
The gang has an affiliate structure, making it difficult to determine who speaks on the hackers’ behalf. Allan Liska of cybersecurity firm Recorded Future said the message almost certainly came from REvil’s core leadership.
The group has not responded to an attempt by Reuters to reach it for comment.
The hackers broke into Kaseya, a Miami-based information technology firm, and used their access to breach some of its clients’ clients, setting off a chain reaction that quickly paralyzed the computers of hundreds of firms worldwide.
About a dozen different countries were affected, according to research published by cybersecurity firm ESET.
Swedish Coop grocery store chain closed hundreds of stores on Saturday because its cash registers had been knocked offline due to the cyber attack.
The White House on Sunday said it was reaching out to victims of the outbreak to provide assistance based upon an assessment of national risk.
Those hit included schools, small public-sector bodies, travel and leisure organizations, credit unions and accountants, said Ross McKerchar, chief information security officer at Sophos Group.
McKerchar’s company was one of several that had blamed REvil for the attack, but Sunday’s statement was the group’s first public acknowledgement that it was behind the campaign.
Brazilian meatpacker JBS paid $11 million last month when REvil attacked its systems.
Liska said he believed the hackers had bitten off more than they could chew by scrambling the data of hundreds of companies at a time and that the $70 million demand was an effort to make the best of an awkward situation.