The REvil ransomware gang, also known as Sodinokibi, is publicly demanding $US70 million ($A93 million) to restore the data it is holding ransom after their data-scrambling software affected hundreds of small and medium businesses across a dozen countries – including schools in New Zealand and supermarkets in Sweden.
But in a conversation with Jack Cable of the cybersecurity-focused Krebs Stamos Group, one of the gang’s affiliates said he could sell a “universal decryptor” for all the victims for $US50 million.
Cable told Reuters he managed to get through to the hackers after obtaining a cryptographic key needed to log on to the group’s payment portal.
Reuters was subsequently able to log on to the payment portal and chat with an operator who said the price was unchanged at $US70 million “but we are always ready to negotiate”.
Because of REvil’s affiliate structure, it is occasionally difficult to determine who speaks on the hackers’ behalf but Cable said both conversations suggested that despite the headline $US70 million demand “they’re definitely not attached to that number”.
“It makes you wonder if they’re having a hard time getting people to pay,” he said.
Another expert said that the hackers, by encrypting so much data from so many businesses at once, may have bitten off more than they could chew.
“For all of their big talk on their blog, I think this got way out of hand,” said Allan Liska of cybersecurity firm Recorded Future.
The fallout of July 2 hack is still coming into focus.
New Zealand officials said on Monday that 11 schools and several kindergartens were affected by the ransomware attack.
Kindergarten Association Whānau Manaaki, which has more than 100 member kindergartens, said it had been hit and had asked members to keep offline, Radio New Zealand reported.
Education Minister Chris Hipkins said the government was working to isolate any further risks.
In their conversation with Reuters, the hackers’ representative described the disruption in New Zealand as an “accident”.
But they expressed no such regret about the disruption in Sweden, where hundreds of Coop supermarkets had to be closed because of the attack.
“Its nothing more than a business,” the representative said when asked about the impact on grocery stores.
About a dozen different countries have been affected by the breach, according to research published by cybersecurity firm ESET.
On Sunday, the White House said it was reaching out to victims of the outbreak “to provide assistance based upon an assessment of national risk”.Jump to next article