Hackers won’t get $70 million they want in ransomware attack

CNBC’s Kyle Hanslovan, Huntress CEO, said Tuesday that a ransomware international attack that began with Kaseya in Florida won’t fetch the full $70 million that its Russia linked hackers are demanding.

“It wouldn’t surprise to me if someone were to pay the ransom to get it closer to the $40.” [million]”About $50 million,” Hanslovan, whose cybersecurity firm has been supporting Kaseya in its incident response and disaster relief since Friday’s breach, said.

Hanslovan stated that he hasn’t seen any evidence suggesting that Kaseya will pay to buy the universal decryptor. This means that it decrypts both their customers’ customer’s customers.

The REvil hacker gang is publicly demanding $70 million in cryptocurrency to unlock data from the attack, which spread to hundreds of small and medium-sized businesses across a dozen countries.

Jack Cable of cybersecurity-focused Krebs Stamos Group told Reuters that one of the group’s affiliates, in a private conversation, already expressed a willingness to lower the asking price for a “universal decryptor” to $50 million. Cable stated that it is not easy to determine who is speaking on behalf hackers, but that their conversations suggest they are “definitely NOT attached” to their $70million demand.

Kaseya CEO Fred Voccola said Monday that between 800 and 1,500 businesses were affected by the attack, with the fallout expected to continue Tuesday as people return to the office after the Fourth of July weekend.

“My guess is that it would be [that the]total number of companies and from everything that we’ve witnessed, hackers don’t know how many people were compromised,” Hanslovan explained, adding that hacker claims about infecting 1,000,000 systems are just “bragging.”

Cybersecurity experts said the gang targeted software supplier Kaseya using its network-management package to spread the ransomware through cloud-service providers. The breach temporarily shut down hundreds of Sweden’s Coop grocery stores after cash registers were locked up. It also affected several kindergartens and schools in New Zealand.

The company is headquartered near Miami and has offices in the U.S. and Europe.

“Everybody was awakened by a coordinated attack. That means they target managed service providers and it’s kinda a one-to many attack that impacts many industry,” Hanslovan explained, pointing out that similar attacks have been faced by federal entities, legal firms, and health-care companies.

Sunday’s White House statement stated that it would reach out to victims of this attack “to provide assistance basing upon an assessment national risk.”