Russian hackers REvil have demanded a $70 million ransom in Bitcoin for a decryption key, after a cyberattack that targeted 1,000 US firms. The breach, which is the largest ransomware attack on record, has reportedly hit the IT systems of up to 1 million companies across the globe, by breaching the systems of US-based software firm Kaseya.

Those affected included a school in New Zealand and Swedish grocery chain Coop. as well as two major Dutch IT firms. Meanwhile, the hackers suspected to be behind the mass extortion attack late on Sunday demanded $70 million to restore the data they are holding ransom – according to a posting on a dark website.

The hackers reportedly later lowered their demands, asking for $50 million rather than the original $70m. The group said: “We launched an attack on MSP providers. More than a million systems were infected. “If anyone wants to negotiate about universal decryptor – our price is 70 000 000$ in BTC and we will publish publicly decryptor.”


The demand was posted on a blog typically used by the REvil cybercrime gang – a group with links to Russia, that is considered to be among the cybercriminal world’s most prolific extortionists. The structure of the gang makes it occasionally difficult to determine who speaks on the hackers’ behalf. However, Allan Liska of cybersecurity firm Recorded Future told Reuters the message “almost certainly” came from REvil’s core leadership.

The attack, which happened on Friday, was among the most dramatic hacks ever seen, among a series of increasingly attention-grabbing moves from cyberhackers. US President Joe Biden was on Saturday branded “weak” against Vladimir Putin, after hundreds of US companies were hit by the breach. READ MORE