Hackers reportedly lower ransom demand to restore data to $50M

The Russia-linked ransomware gang known as REvil has reportedly lowered the amount of money it is willing to accept in exchange for data belonging to hundreds of companies worldwide that it is holding hostage.

Reuters reports an affiliate of the gang told cybersecurity expert Jack Cable of the Krebs Stamos Group they would sell a “universal decryptor” for $50 million.

The group had originally demanded $70 million in exchange for the data. However, cybersecurity expert Allan Liska told Reuters that he believed the group was likely in over its head with the scope of this massive global hack.

“For all of their big talk on their blog, I think this got way out of hand,” Liska told the news outlet. He said the $70 million demand appeared to be the group’s attempt at making the best of an awkward situation.

Cable told Reuters that he was able to contact the hackers by obtaining a cryptographic key to the gang’s payment portal. Reuters reports that it too was able to get through to the cybercriminal gang, who told the outlet that its monetary demand remained unchanged at $70 million, “but we are always ready to negotiate.”

REvil’s structure can make it difficult to determine who speaks for the group, but Cable said the conversations indicated it is not attached to the initial $70 million figure.

Speaking to Reuters, an affiliate of REvil, also known as Sodinokibi, expressed regret over the hack impacting a kindergarten association in New Zealand, calling it an accident. However, when asked about the hack’s impact on a Swedish grocery chain, the hacker told Reuters, “It’s nothing more than a business.”

The hack was carried out through a breach of Florida-based software company Kaseya, and most of the victims of the attack were Kaseya’s clients.

Kaseya CEO Fred Voccola declined to say whether he was willing to pay the ransom demand. Voccola told Reuters he has been in contact with officials from the White House, FBI and the Department of Homeland Security.

“I can’t comment ‘yes,’ ‘no,’ or ‘maybe,'” Voccola said. “No comment on anything to do with negotiating with terrorists in any way.”

Voccola added that he was not aware of any nationally important organization having been affected by the hack.

“We’re not looking at massive critical infrastructure,” Voccola said. “That’s not our business. We’re not running AT&T’s network or Verizon’s 911 system. Nothing like that.”