• Russia-based ransomware group REvil brought down the network of over 200 U.S. companies and demanded Bitcoin worth $70 million.
  • The attack spread to over 1 million machines that were running supply chain software provided by Kaseya.
  • REvil targeted a zero-day vulnerability in Kaseya’s system to launch a sophisticated cyberattack.

REvil or Ransomware Evil has launched a large-scale ransomware attack, targeting hundreds of companies using outsourced IT services from Managed Service Providers (MSPs) of Kaseya VSA. The attack is currently one of the biggest known cyberattacks in the history of the world, considering the cost that is involved in the affected companies working around the encrypted data lost to the attack. 

REvil demands $70 million in Bitcoin

REvil also known as Sodinokibi is a cybercriminal group that runs private ransomware as a service (RaaS) operation. REvil recruits affiliates to distribute ransomware and splits revenue generated from ransom payments, with them. 

On July 2, REvil attacked end-user organizations using MSP providers of Kaseya. Kaseya offers industry-leading IT solutions through their IT Complete Product Suite and their family of companies like Unitrends, RapidFire Tools, Spanning Cloud Apps among others. 

Over 40,000 organizations worldwide avail Kaseya’s services. 

The attack did not directly affect the MSPs of Kaseya and instead targeted end-user organizations that remain undisclosed. The target companies found their data encrypted and this includes several small to medium-sized businesses since these are the companies that lack the resources to manage an IT infrastructure in-house. 

So far no company has come forward with details of the damage that this attack had on their data. However, the number of impacted companies is likely to increase according to John Hammon, a security researcher at US-based cybersecurity company, Huntress.

REvil has asked their targets for a ransom of $70 million in Bitcoin for publicly decrypting their data within an hour, based on their post on the Happy Blog, the cybercriminal group’s blog. 

In response to REvil’s ownership of the attack, Kaseya CEO, Fred Voccola was quoted saying,

Kaseya has done all the right things. We are waiting for a full report once this is resolved. We are really fortunate that this happened on the July 4 weekend when many of our customers are not working. If this had been a regular work week, it would have been a much bigger disaster.

Kaseya to launch patch for the zero-day vulnerability

Kaseya is currently assisting the affected companies in protecting their systems by offering the patch for installation, before restarting the VSA. 

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have been working with Kaseya and coordinating to conduct outreach to impacted victims. 

REvil’s attack is not yet attributed to the Russian Government, though it is confirmed that Bitcoin from REvil’s last hack on the world’s largest meat-packer JBS S.A on May 30 hit a darknet marketplace that exclusively caters to Russian users.

While the investigation continues, companies have the choice to recover from this incident by reinstating their data using backup. However, this poses a data privacy challenge since REvil claims to have access to the data of clients and may publish it on their blog or sell it on the darknet, in case of non-payment. This leaves companies with one choice, to pay the ransom and wait for REvil to decrypt their data. 

REvil’s last target, the world’s largest meat-packer JBS S.A. paid $11 million in Bitcoin as ransom to decrypt their data. 

The target companies have limited choices since this is a sophisticated cyberattack. The attack targeted a vulnerability that was zero-day, meaning it was less widely known. 

According to the chair of the Dutch institute for Vulnerability Disclosure, a software patch was made to fix this vulnerability, but it was not distributed to users yet. It would require a higher level of cybersecurity and technical sophistication for companies to protect themselves from such attacks in the future and to protect their systems from zero-day vulnerability exploits. 

Several companies have been stockpiling Bitcoin to cover all their bases, since 2017, according to cybersecurity experts and firms, in the event of a large-scale attack.


Information on these pages contains forward-looking statements that involve risks and uncertainties. Markets and instruments profiled on this page are for informational purposes only and should not in any way come across as a recommendation to buy or sell in these assets. You should do your own thorough research before making any investment decisions. FXStreet does not in any way guarantee that this information is free from mistakes, errors, or material misstatements. It also does not guarantee that this information is of a timely nature. Investing in Open Markets involves a great deal of risk, including the loss of all or a portion of your investment, as well as emotional distress. All risks, losses and costs associated with investing, including total loss of principal, are your responsibility. The views and opinions expressed in this article are those of the authors and do not necessarily reflect the official policy or position of FXStreet nor its advertisers. The author will not be held responsible for information that is found at the end of links posted on this page.

If not otherwise explicitly mentioned in the body of the article, at the time of writing, the author has no position in any stock mentioned in this article and no business relationship with any company mentioned. The author has not received compensation for writing this article, other than from FXStreet.

FXStreet and the author do not provide personalized recommendations. The author makes no representations as to the accuracy, completeness, or suitability of this information. FXStreet and the author will not be liable for any errors, omissions or any losses, injuries or damages arising from this information and its display or use. Errors and omissions excepted.

The author and FXStreet are not registered investment advisors and nothing in this article is intended to be investment advice.

Recommended content


Recommended Content

Editors’ Picks

Ripple update: XRP shows resilience in recent crypto market sell-off

Ripple update: XRP shows resilience in recent crypto market sell-off

Ripple's XRP is up 6% on Tuesday following a series of on-chain metrics, which reveals investors in the remittance-based token held onto their assets despite the wider crypto market sell-off last week.

More Ripple News
Floki DAO floats liquidity provisioning for a Floki ETP in Europe

Floki DAO floats liquidity provisioning for a Floki ETP in Europe

Floki DAO — the organization that manages the memecoin Floki — has proposed allocating a portion of its treasury to an asset manager in a bid to launch an exchange-traded product (ETP) in Europe, allowing institutional investors to gain exposure to the memecoin.

More Crypto News
Six Bitcoin mutual funds to debut in Israel next week: Report

Six Bitcoin mutual funds to debut in Israel next week: Report

Six mutual funds tracking the price of bitcoin (BTC) will debut in Israel next week after the Israel Securities Authority (ISA) granted permission for the products, Calcalist reported on Wednesday.

More Crypto News
Crypto Today: BTC hits new Trump-era low as Chainlink, HBAR and AAVE lead market recovery

Crypto Today: BTC hits new Trump-era low as Chainlink, HBAR and AAVE lead market recovery

The global cryptocurrency market cap shrank by $500 billion after the Federal Reserve's hawkish statements on December 17. Amid the market crash, Bitcoin price declined 7.2% last week, recording its first weekly timeframe loss since Donald Trump’s re-election. 

More Cryptocurrencies News
Bitcoin: 2025 outlook brightens on expectations of US pro-crypto policy

Bitcoin: 2025 outlook brightens on expectations of US pro-crypto policy

Bitcoin price has surged more than 140% in 2024, reaching the $100K milestone in early December. The rally was driven by the launch of Bitcoin Spot ETFs in January and the reduced supply following the fourth halving event in April.

Read full analysis
Best Forex Brokers with Low Spreads

Best Forex Brokers with Low Spreads

VERIFIED Low spreads are crucial for reducing trading costs. Explore top Forex brokers offering competitive spreads and high leverage. Compare options for EUR/USD, GBP/USD, USD/JPY, and Gold.

Read More

BTC

ETH

XRP