The ransomware group REvil has demanded a $92 million (US$70 million) payment in Bitcoin for a decryptor tool following its attack on the software vendor Kaseya, cyber researchers say.
The offer of a universal tool reflects the "logistical nightmare" REvil is now facing with thousands of potential victims to negotiate with, researcher Allan Liska at cybersecurity firm Recorded Future said.
"We know there are thousands of victims here. REvil [has] limited resources to handle negotiations and process keys," Mr Liska said, calling this the biggest non-nation state supply chain attack ever, and possibly the second biggest ransomware attack ever.
LIVE UPDATES: All the latest breaking news on coronavirus in Australia and across the world
The full impact won't be felt until later today when people in the US are back at work, experts say.
"Not everyone will have seen the alerts or had the urgency to check their own network/systems," said Bryce Webster-Jacobsen, the head of intelligence at cybersecurity company GroupSense.
Kaseya said it would release new information this morning, but has yet to do so. In Sunday night's update it reported that the attack "has been localised to a very small number of on-premises customers only."
READ MORE: World's largest meat producer getting back online after cyber attack
However, each customer, namely IT service providers, can have hundreds or thousands of clients themselves who are affected.
Asked whether he saw any change in REvil since its attack on JBS Foods, Mr Liska said they're "just more arrogant. If that is possible."