The largest ransomware attack on record has hit the IT systems of up to 1million companies on virtually every continent as Russian-linked hackers demand $70million in cryptocurrency to fix it

Swedish grocery stores, schools in New Zealand, and two major Dutch IT firms were among the victims of hacking group REvil which launched its attack on Friday after breaching the systems of US-based software firm Kaseya. 

Kaseya says just a few dozen of its customers were directly affected by the attack, but knock-on effects have brought down firms in 17 countries including the US and the UK – with one expert saying the attack is ‘unprecedented’ in its scale and sophistication.

REvil, which was behind the Memorial Day hack of meat processor JBS which saw an $11million ransom paid, has been demanding ransoms of up to $5million from individual firms – but now says for $70million it will unlock all affected networks.

Joe Biden, who last month warned President Putin to take action against hacking groups targeting the US from Russia, said the FBI is investigating the latest hack and he will take action if Moscow is deemed to be responsible.

Analysts said it is no coincidence that the latest attack coincided with the July 4 weekend, when companies would be under-staffed and less able to respond.  

Less than a month ago, Biden pressed Russian President Vladimir Putin to stop giving safe haven to REvil and other ransomware gangs

Satnam Narang, a researcher at cyber exposure company Tenable, tweeted a screenshot of a blog post the hacking collective had posted on the dark web

Ciaran Martin, founder of the UK’s National Cyber Security Centre, told Radio 4: ‘The scale and sophistication of this global crime is rare, if not unprecedented.

‘It is a really serious, global operation.’ 

Swedish grocery chain Coop was forced to close all 800 of its stores on Sunday and said they would remain shut on Monday after its tills were affected.

The country’s national rail operator and public broadcaster SVT were also affected.

In Germany, an unnamed IT services company told authorities several thousand of its customers were compromised.

Also among reported victims were two big Dutch IT services companies – VelzArt and Hoppenbrouwer Techniek.

But most victims are believed to be small to medium-sized businesses and public services that are unlikely to announce they have been infected – such as dental practices, architecture firms, plastic surgery centers, and libraries. 

Hackers managed to bring down the firms by infiltrating VSA, a piece of Kaseya software that is used to manage much larger IT networks. 

Fred Voccola, the company’s CEO, said that only around 60 of his clients had been directly affected in the attack – but they in turn provide IT support to many other firms, creating a snowball effect.

Such a hack is known as a ‘supply chain’ attack. 

The REvil group combined the ‘supply chain’ attack with a ransomware attack, during which a company’s IT systems are scrambled and rendered unusable.

If a ransom is paid, hackers deliver a decryptor key which unscrambles the network. 

Experts said the fact that REvil was offering a bulk ransom of $70million to unscramble all affected networks suggests its hack was far more wide-reaching than the hackers themselves had anticipated.

Allan Liska, an analyst with the cybersecurity firm Recorded Future, said: ‘This attack is a lot bigger than they expected and it is getting a lot of attention. 

‘It is in REvil’s interest to end it quickly.

This is a nightmare to manage.’

Analyst Brett Callow of Emsisoft said he suspects REvil is hoping insurers might crunch the numbers and determine the $70million will be cheaper for them than extended downtime.

Sophisticated ransomware gangs on REvil’s level usually examine a victim’s financial records — and insurance policies if they can find them — from files they steal before activating the ransomware. 

Dutch researchers said they alerted Kaseya to the fault in its software which hackers exploited before Friday’s attack, and were working with the firm to fix it.

However, the hackers struck before a fix could be found. 

Voccola would not offer details of the breach — except to say that it was not ‘phishing’, a type of low-tech attack where hackers gain access to a network by duping users into clicking on malicious links or downloading corrupted files.

‘The level of sophistication here was extraordinary,’ he said.

When the cybersecurity firm Mandiant finishes its investigation, Voccola said he is confident it will show that the criminals didn’t just violate Kaseya code but also exploited vulnerabilities in third-party software.

Earlier, the FBI said in a statement that while it was investigating the attack its scale ‘may make it so that we are unable to respond to each victim individually.’

Deputy National Security Advisor Anne Neuberger later issued a statement saying President Joe Biden had ‘directed the full resources of the government to investigate this incident’ and urged all who believed they were compromised to alert the FBI.

The president told reporters Saturday that it is not yet clear who is behind the latest cybersecurity breach to strike American businesses but insisted that he ‘will respond’ if it is tied to Russian President Vladimir Putin.

‘We’re not sure who it is,’ he said, while he celebrated the start of July 4 weekend at a cherry farm in Central Lake, Michigan.

‘The initial thinking was it was not the Russian government but we’re not sure yet.’

He added: ‘If it is either with the knowledge of and/or a consequence of Russia, then I told Putin we will respond.’

House Minority Leader Kevin McCarthy tweeted on Saturday, referencing news from June that Biden had given Russian president Vladimir Putin a list of targets that were off-limits to cyber attacks

'Remember when President Biden gave Putin a list of things that were supposed to be off-limits for cyber attacks? What he SHOULD have said is that ALL American targets are off-limits,' McCarthy tweeted
