The number of companies that have suffered from the REvil macro cyberattack now exceeds 350 organizations worldwide from which the cybercriminals are demanding 70 million in bitcoins to provide them with a universal decryptor to restore their data.
The attack was conducted through the update system of IT services software company Kaseya, which REvil exploited to spread and hide ransomware. The virus was leaked to TI Kaseya resellers and from there has reached all end customers using their software.
The official data provided by TI Kaseya sets the number of affected companies at 350, although other sources such as the cybersecurity company ESET talk about more than 1,000, including some Spanish organizations, although no names have been disclosed.
It has been made public that one of the companies most affected by the cyberattack has been the Swedish supermarket chain Coop, which has had to close its more than 800 points of sale for a few days due to the impossibility of using its cash registers or charging customers.
Based on Sophos threat intelligence, REvil has been active in recent weeks and is currently the dominant ransomware gang involved in Sophos' defensively managed threat response cases. Prior to this latest attack, they were also responsible for the one suffered by meat company JBS, which forced the cancellation of all work shifts at the company's slaughterhouses in the US. JBS paid up to 11 million to restore normal operations.
These macro cyber-attacks are in addition to other recent and highly significant ones, such as the one perpetrated by the hacker group DarkSide, which forced the preventive shutdown of the largest oil pipeline network in the United States, Colonial Pipeline, endangering the supply of fuel in a large part of the country, or the one suffered by the SEPE and the Ministry of Labor in Spain a few weeks ago.