10 Big Things To Know About The Kaseya Cyberattack

2. REvil Makes Largest Ransom Demand Of All-Time

Notorious ransomware operator REvil made the largest ransom demand of all-time over the weekend, demanding $70 million to decrypt the nearly 1,500 victims in the Kaseya ransomware attack. The offer to publicly provide a decryptor to all victims represented a shift in tactics for REvil, which up until then had been demanding separate smaller payments from each of the victims.

REvil initially demanded $5 million from larger companies, $500,000 from smaller firms with multiple locked file extensions, and $45,000 from smaller companies where locked files have the same extension. A universal decryptor would provide victims with a faster path to recovery, and REvil is likely hoping that insurers see $70 million as a small price to pay for eliminating downtime, said Emsisoft’s Brett Callow.

The ransomware gang lowered the price for a universal decryptor overnight Monday from $70 million to $50 million, equal in size to the ransom demand REvil made in March after compromising Taiwanese PC giant Acer. Organizations have become increasingly willing to fork over large ransoms, with Colonial Pipeline paying Darkside $4.3 million in May and meatpacking giant JBS paying REvil $11 million in June.