The ransomware that attacked the United States on July 4: REvil, the extortionist


On the subject of cyberattacks and computer hacking, it is clear that no one is safe: anyone can have their computer, mobile phone or other device hacked, regardless of whether they are rich or poor, labourer or count. But some criminals prefer to attack on a grand scale and go after the most succulent loot.

Ransomware, the malware of choice

Ransomware is a type of cyber threat that infects a computer or a network, encrypts it, steals the information it contains, and demands payment, generally in a cryptocurrency, in exchange for its release. Modern attacks, however, are selective, adaptive and stealthy, using approaches that have already been tested and refined by advanced persistent threat (APT) groups.

According to a report from cybersecurity experts at Trend Micro, modern ransomware actors identify and target valuable data, often exfiltrating it from the victim organization’s network rather than simply encrypting it. This gives them another avenue of extortion: if the victim does not pay the ransom, the attacker may threaten to make the private data public. For companies that hold intellectual property, proprietary information, private employee data and customer data, this is a serious concern.

In their sector, “any data breach will lead to regulatory penalties, lawsuits and reputational damage.”


An old acquaintance that we have already talked about before, REvil is ransomware as a service (RaaS), delivered by groups of “affiliate” agents who are paid by the ransomware developers. Customers of managed service providers have been a target of REvil affiliates and other ransomware operators in the past, including a 2019 ransomware outbreak (later attributed to REvil) that affected more than 20 small local administrations in Texas.


Also, with the decline of other RaaS offerings, REvil has become more active. According to cybersecurity experts at Sophos, “its affiliates have been overly persistent in their efforts lately, continually working to subvert protection against malware. In this particular outbreak, REvil agents not only found a new vulnerability in Kaseya’s supply chain, but, using the manufacturer-required exceptions to protection systems (C:\Program Files\Kaseya and the like), were able to deploy REvil’s ransomware code.”
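The Sophos observation above concerns vendor-mandated antivirus exclusion folders: anything written into an excluded directory runs unscanned, so the exclusions themselves deserve periodic review. The following script is an added example for defenders, not code from the article, from Kaseya or from Sophos. It assumes a Windows 10/11 or Windows Server host with the Microsoft Defender PowerShell module (`Get-MpPreference`) and an elevated session; the `$DaysBack` parameter and the list of file extensions it flags are choices made for this example.

```powershell
# Added example (not from the article): audit Microsoft Defender path exclusions.
# Assumes Windows with the Defender PowerShell module and an elevated session.
param([int]$DaysBack = 7)

# ExclusionPath is $null when nothing is excluded; the Where-Object drops that case.
$exclusions = @((Get-MpPreference).ExclusionPath | Where-Object { $_ })
if ($exclusions.Count -eq 0) {
    Write-Output "No path exclusions are configured."
    return
}

$cutoff = (Get-Date).AddDays(-$DaysBack)
# Extensions treated as executable content for this example.
$riskyExtensions = @('.exe', '.dll', '.ps1', '.bat', '.cmd', '.vbs', '.js')

foreach ($path in $exclusions) {
    Write-Output "Exclusion: $path"

    # Wildcard exclusions cover more than one location; flag them for manual review.
    if ($path -match '[\*\?]') {
        Write-Output "  NOTE: wildcard exclusion, review its scope manually"
        continue
    }
    if (-not (Test-Path -LiteralPath $path)) {
        Write-Output "  (path does not currently exist)"
        continue
    }

    # Broad write access on an excluded directory means any user can drop a file
    # there that Defender will never scan.
    $acl = Get-Acl -LiteralPath $path
    $broadWrite = $acl.Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $_.IdentityReference.Value -match 'Everyone|Authenticated Users|BUILTIN\\Users' -and
        ($_.FileSystemRights.ToString() -match 'Write|Modify|FullControl')
    }
    if ($broadWrite) {
        $who = ($broadWrite | ForEach-Object { $_.IdentityReference.Value } | Sort-Object -Unique) -join ', '
        Write-Output "  WARNING: writable by broad principals: $who"
    }

    # Executables and scripts written recently inside the excluded tree are worth
    # a look; hash them so they can be compared against known-good vendor files.
    if (Test-Path -LiteralPath $path -PathType Container) {
        Get-ChildItem -LiteralPath $path -Recurse -File -ErrorAction SilentlyContinue |
            Where-Object {
                $riskyExtensions -contains $_.Extension.ToLower() -and
                $_.LastWriteTime -gt $cutoff
            } |
            ForEach-Object {
                $hash = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                Write-Output ("  recent: {0:yyyy-MM-dd HH:mm}  {1}  sha256={2}" -f $_.LastWriteTime, $_.FullName, $hash)
            }
    }
}
```

Run it from an elevated PowerShell prompt, for example `.\Audit-DefenderExclusions.ps1 -DaysBack 14`. An exclusion that is both writable by ordinary users and contains freshly written executables is the pattern to investigate first; the SHA-256 hashes give you something concrete to compare against the vendor's published file hashes or your own baseline.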

Blackmailing America on the 4th of July

Last Friday, as many companies in the United States already had their staff out of the office or were preparing for a long weekend of Independence Day celebrations on July 4, an agent affiliated with the REvil ransomware group launched a widespread crypto-extortion attack.

Using an exploit for a vulnerability in Kaseya’s VSA remote management service, REvil actors launched “a malicious update package targeting managed service provider customers” and business users of the on-premises version of Kaseya’s VSA remote monitoring and management platform.

REvil operators posted on their blog that more than a million devices had been infected by the malicious update. They also said that they were willing to provide a universal decryptor for victims of the attack, but only in exchange for a payment of $70 million in bitcoin. The scale of REvil’s return translates into more than 70 affected managed service providers, with a knock-on effect on more than 350 affected organizations around the world.

According to Ross McKerchar, VP and Director of Information Security at Sophos, “We believe that the full scope of the organizations that are victims of this cyber attack is greater than any individual security company has reported. The victims span a range of locations around the world, with the majority in the United States, Germany and Canada, as well as many others in Australia, the United Kingdom and other regions.”

Cyber kidnappings around the world

Some successful ransomware attackers “have raised millions of dollars in ransom, which has allowed them to buy very valuable zero-day exploits”. Certain exploits are generally considered to be within the reach of nation-states only. While nation-states would use them sparingly for a specific, isolated attack, an exploit for a vulnerability in a global platform in the hands of cybercriminals can “disrupt many companies at the same time and have an impact on our daily lives”, according to Sophos.


What is certain is that this will not be the last time we see REvil in action, given how effective it has proved to be in its field.
