Hackers do not get the $ 70 million they need from ransomware assaults

An international ransomware attack that began with Florida-based IT company Kaseya won’t raise the full $ 70 million its Russia-affiliated hackers are claiming, Huntress CEO Kyle Hanslovan told CNBC on Tuesday.

“I wouldn’t be surprised if someone paid the ransom to get it closer to $ 40 [million] increased to $ 50 million, “said Hanslovan, whose cybersecurity firm has been helping Kaseya with incident response and disaster recovery since Friday’s security breach.

“With that in mind, I haven’t seen anything to suggest that Kaseya is paying for the universal decryptor, the one that decrypts both its customers and its customers’ customers,” added Hanslovan in a Squawk Box interview.

The REvil hacker gang is publicly demanding $ 70 million in cryptocurrency to unlock data from the attack that spread to hundreds of small and medium-sized businesses in a dozen countries.

Jack Cable of the cybersecurity-focused Krebs Stamos Group told Reuters that one of the group companies had already expressed its willingness in a private conversation to lower the price of a “universal decryptor” to 50 million US dollars. While it can be difficult to determine who is speaking on behalf of the hackers, Cable said his conversations indicated that they “are definitely not hanging on to their $ 70 million bid”.

Fred Voccola, CEO of Kaseya, said Monday that between 800 and 1,500 companies were affected by the attack, with the effects expected to continue on Tuesday when people return to the office after the July 4th weekend.

“My guess would be [that the] Total number of companies, and from what we’ve seen, the hackers don’t have a feedback loop on how many people were compromised, “said Hanslovan, adding that the hackers’ claims of infecting 1 million systems were simply” bragging rights “.

Cyber ​​security experts said the gang targeted software provider Kaseya with its network management package to spread the ransomware through cloud service providers. The injury caused hundreds of Co-op grocery stores in Sweden to temporarily close after the checkouts were blocked. More than 10 schools and several kindergartens in New Zealand were also affected.

The company is headquartered in Miami and has offices in the United States, Canada, Europe and the Asia-Pacific region.

“Everyone was awakened by a synchronized attack. That means they’re targeting managed service providers, and it’s kind of a one-to-many attack that affects many industries, “said Hanslovan, pointing out that healthcare companies, law firms and even federal agencies have faced similar attacks.

The White House said Sunday it is reaching out to victims of the attack “to provide assistance based on a national risk assessment”.