Russian speaking cyber gang, REvil (aka Sodinokibi on the dark web), claimed to behind the ransomware attacks against one of the largest global meat suppliers, JBS — and recently, the Kaseya MSP attack on the company and customers.
The REVil gang steals data through deploying ransomware and then threatens to auction off the sensitive data, unless a ransom is paid.
Related: Kaseya Confirms Sophisticated Cyberattack Over The Holiday Weekend
The REvil gang used Kaseya’s network-management package to spread ransomware through cloud-service providers. The attack has affected hundreds of small and medium size businesses across a dozen countries, such as schools in New Zealand and supermarkets in Sweden.
CNBC reports the hackers, in private conversations, have lowered their ransom demand price from $70 million to $50 million. It may be a sign the cyber gang is having trouble monetizing their massive breach.
JBS ended up paying an $11 million ransom after the REvil gang originally demanded $22.5 million.
Another expert said the hackers may have bitten off more than they chew after encrypting so much data from so many businesses at once.
Where is REvil gang now?
As of July 13th, the REvil gang has mysteriously vanished from the internet, including the site the gang uses to communicate with victims and to collect the ransom payments.
The reason for the disappearance is unclear; however some speculate president Joe Biden said he warned Vladimir Putin there would be consequences if he failed to address the ransomware attacks emanating from within Russia’s borders.
What is ransomware-as-a-service?
The REvil gang utilizes a ransomware-as-a-service (RaaS) business model, in which they lease ransomware variants in the same way software developers lease software-as-a-service products.
The RaaS can be found on the dark web and are ideal for malicious actors lacking the skill or time to develop their own ransomware. RaaS kits allow hackers to deploy ransomware quickly and affordably. They are often advertised the same way goods are advertised on the legitimate web, according to Crowdstrike.
REvil sells its RaaS kits under the criminal group Pinchy Spider, which takes 40% of the profits.
What can we do now?
The REvil cyber gang is behind some of the largest ransomware demands as of late.
Make sure your company has a plan to keep your company data safe and secure, so your company does not fall a victim of such attacks used by cybercriminal gangs like REvil.
If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our digital newsletters!
Leave a Reply