REvil ransomware gang revises its ransom demand

The Kaseya ransomware attack is one of the biggest cybersecurity attacks that has crippled several organizations in Europe and around the world. The ransomware attack puts organizations in the dock for poor patch management and not fixing vulnerabilities in their legacy applications. The worldwide July 2 attacks on the Kaseya Virtual System/Server Administrator (VSA) platform by the REvil ransomware gang has been possible due to exploits of a zero-day security vulnerability. Kaseya has swung into full action to fix the vulnerabilities in the systems as it is trying to apply patches for the on-premise version. 

The VSA software is used by Kaseya customers to remotely monitor and manage software and network infrastructure. It’s supplied either as a hosted cloud service by Kaseya, or via on-premises VSA servers.

Interestingly, the REvil gang has also revised its ransom demand for releasing the decryption key. It is offering the key at $50 million from $70 million. It is possible that a lot of Kaseya users are trying to negotiate with the gang to obtain the decryption key. However, experts warn of the consequences of paying the ransom. 

“The Kaseya attack, which paralyzed companies such as the supermarket chain Coop in Sweden, shows that anyone can be targeted. Instead of being blackmailed by cybercriminals, organizations need to proactively prepare defenses to mitigate against paying a painful ransom and reputation loss among customers and partners. To prevent such damages, companies should make their security strategies as proactive as possible and keep backups in case a system reset is needed," suggests Craig Sanderson, VP of Product Management, Infoblox.