REvil ransomware gang demands $70 million in Bitcoin for the tool for decrypting all systems locked during the Kaseya supply-chain attack.
The attack was propagated through Kaseya VSA cloud-based solution used by managed service providers (MSPs) to monitor customer systems and for patch management.
Customers of multiple MSPs were affected by the attack and the REvil ransomware encrypted networks of at least 1,000 businesses across the world.
The gang posted on their leak site that they locked more than a million systems and are willing to negotiate for a universal decryptor, starting from $70 million.
This is the highest ransom demand made so far by any gang and the previous record also belongs to REvil, in which they asked $50 million after attacking Taiwanese electronic and computer maker Acer.
Earlier, REvil ransomware asked $5 million from MSPs for a decryption tool and a $44,999 ransom from their customers.
But as the gang used multiple extensions when encrypting the files, the $44,999 demand was for unlocking files with the same extension.
For victims with locked files that have multiple extensions following the REvil ransomware encryption, the gang’s demand can be as high as $500,000.
REvil conducted this massive attack by exploiting a zero-day vulnerability in Kaseya VSA server that was reported privately and was in the process of being fixed.
The researchers from the Dutch Institute for Vulnerability Disclosure (DIVD) reported the bug and Kaseya had already created a patch that was being validated before delivering it to customers.
However, the REvil affiliates knew about the vulnerability, and exploited it before Kaseya could release the patches.
At the moment the full extent of this attack is not known but the investigation is ongoing.
U.S. President Biden also addressed the Kaseya supply-chain attack, directing intelligence agencies to investigate the hack that affected hundreds of U.S. businesses.