Alan Liska of Cyber Security Company Recorded Future said the message appeared to be real and that the site had been used by the group since 2020, Reuters reports.
He noted that the REvil gang is one of the largest ransomware groups in cyberspace.
The gang is organized so that it can sometimes be difficult to determine who is speaking on behalf of the hackers, but Liska judged the letter “almost certainly” from REvil’s top management.
The group did not respond to a Reuters attempt to contact them for comment.
The ransomware attack by REvil on Friday was one of the most serious in recent times. The gang broke into Kaseya, a Miami-based IT company, and used its access to hack the computers of some of the company’s clients, triggering a chain reaction that quickly crippled the computers of hundreds of companies around the world.
Cyber security experts soon blamed REvil for the attack. Sunday’s announcement was the group’s first public admission that they were behind the attack.
CEO Casseh confirmed that the company was aware of the ransom request but declined to provide further details.
Liska says the hackers “gnawed more than they chewed”. “I think it got out of hand and it’s much bigger than they were expecting,” he assessed.
A few weeks ago, REvil was behind the attack on the world’s largest meat company, JBS, which had to close plants in the US and other countries for a few days. In the end, she paid $11 million in ransom.