Ransomware Group REvil Strikes Again, Demands $70M in Bitcoin From 200 US Firms

The Russian-based ransomware group is now demanding bitcoin in exchange for a decrypter for the infected machines.

Jul 5, 2021 at 5:44 a.m. UTC
Updated Sep 14, 2021 at 1:20 p.m. UTC

Ransomware hacking group REvil brought the networks of at least 200 U.S. companies to their knees on Friday and is now demanding $70 million in bitcoin.

  • Australia's ABC News reported on Saturday REvil had targeted software supplier Kaseya and used its network-management package to spread the ransomware via the cloud.
  • Over 1 million machines are said to be infected, according to various other reports.
  • The Russian-based ransomware group is now demanding the bitcoin in exchange for a decrypter for the infected machines.
  • "On Friday we launched an attack" on managed service providers, a post from the dark web site Happy Blog reads. "More than a million systems were infected."
  • In May, REvil attacked Colonial Pipeline and managed to get the company to pay a $5 million ransom after its functionality and services were restricted, sparking a gas crisis in the U.S.
  • JBS Holdings, the world’s largest meat company by sales, also paid an $11 million ransom in a May 30 attack against it by the same group.
  • During a Friday public appearance, President Joe Biden said he'd ordered U.S. intelligence agencies to investigate the attack, and he would take measures if Russia was behind it.

Updated: July 5, 2021, 16:14 UTC: Information about President Biden's directive was added.


The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups.