The ransomware group REvil has demanded a $70 million payment in bitcoin for a decryptor tool following its attack on the software vendor Kaseya, cyber researchers say.

The offer of a universal tool reflects the “logistical nightmare” REvil is now facing with thousands of potential victims to negotiate with, researcher Allan Liska at cybersecurity firm Recorded Future said.

“We know there are thousands of victims here. REvil [has] limited resources to handle negotiations and process keys,” Liska said, calling this the biggest non-nation state supply chain attack ever, and possibly the second biggest ransomware attack ever.

Cybersecurity teams worked feverishly over the weekend to stem the impact of the single biggest global ransomware attack on record, with some details emerging about how the Russia-linked gang responsible breached the company whose software was the conduit.

An affiliate of the notorious REvil gang, best known for extorting $11 million from the meat-processor JBS after a Memorial Day attack, infected thousands of victims in at least 17 countries on Friday, largely through firms that remotely manage IT infrastructure for multiple customers, cybersecurity researchers said.

Cyberattacks are surging – here’s how companies should respond

The full impact won’t be felt until Tuesday when people are back at work, experts say.

“Not everyone will have seen the alerts or had the urgency to check their own network/systems,” said Bryce Webster-Jacobsen, the head of intelligence at cybersecurity company GroupSense.

Kaseya said it would release new information Monday morning, but has yet to do so. In Sunday night’s update it reported that the attack “has been localized to a very small number of on-premises customers only.”

However, each customer, namely IT service providers, can have hundreds or thousands of clients themselves who are affected.

Asked whether he saw any change in REvil since its attack on JBS Foods, Liska said they’re “just more arrogant. If that is possible.”