REvil, a ransomware gang, gained notoriety through big game hunting: targeting large organizations and demanding high ransoms.
REvil targeted critical infrastructure and high-profile companies, highlighting the vulnerability of various sectors.
Efforts to combat ransomware face challenges including jurisdictional limitations, anonymous cryptocurrencies, and the involvement of cyber insurance companies.
Deep dives
The Rise of Ransomware
Ransomware attacks, particularly those of the notorious ransomware gang known as REvil, have been wreaking havoc on companies worldwide. REvil, also known as Sodinokibi, is a Russia-based cybercriminal group that has made millions of dollars through its ransomware operations. The gang initially gained prominence through big game hunting, focusing on infecting large companies or organizations that could pay hefty ransoms. They would exploit vulnerabilities or buy access to networks, encrypt systems, and demand payment for the decryption key. In some cases, they would also steal data and threaten to release it if the ransom was not paid. REvil operated a ransomware-as-a-service business model, allowing other cybercriminals to use its ransomware in exchange for a percentage of the profits. The group's most notable attack was on software company Kaseya, which led to the compromise of approximately 1,500 networks and a demand for an unprecedented $70 million ransom.
However, in a surprising turn of events, the Russian FSB claimed to have arrested 14 members of REvil, including alleged ringleader Yaroslav Vasinskyi. The arrest followed the indictment of Vasinskyi and another member, Yevgeniy Polyanin, by the US Justice Department. While the arrests were seen as a major blow to REvil, there are questions about the true fate of the group and whether its activities have truly come to an end.
Targeting Critical Infrastructure
REvil has targeted critical infrastructure and high-profile companies in several industries, including government entities and multinational corporations. Notable attacks include one on the Texas government, where multiple towns' computer systems were held hostage, and one on entertainment law firm GSM Law, which had its data encrypted and faced a $42 million ransom demand. The group has also targeted the largest meat supplier in the US, JBS, disrupting its operations. These attacks highlight the vulnerability of critical infrastructure and the significant impact ransomware attacks can have on various sectors. Despite efforts by law enforcement agencies to crack down on ransomware groups, new gangs continue to emerge, perpetuating this ongoing threat.
Challenges in Combating Ransomware
The fight against ransomware is complex and challenging. Authorities face hurdles including jurisdictional limitations, lack of cooperation from certain countries, and the anonymous nature of cryptocurrencies used for ransom payments, typically Bitcoin. Ransomware gangs often operate with impunity in countries like Russia, while targeting organizations worldwide. The involvement of cyber insurance companies, which provide coverage for ransomware attacks, further complicates the situation. Some criminals exploit insurance policies, orchestrating attacks specifically to claim ransom payments. The growing sophistication and evolving tactics of ransomware groups present ongoing challenges to law enforcement agencies and cybersecurity professionals.
The Global Impact of Ransomware
Ransomware attacks have had a profound impact on a global scale. Companies of all sizes have fallen victim to these attacks, resulting in significant financial losses, reputational damage, and disruptions to vital services. The frequency and scale of attacks have escalated in recent years, with ransomware evolving into a highly profitable criminal enterprise. The success and profitability of ransomware campaigns have attracted a wide range of cybercriminals, leading to the proliferation of new ransomware groups and variants. As organizations continue to face this growing threat, efforts to enhance cybersecurity measures, promote information sharing, and strengthen international cooperation are crucial in combating ransomware and safeguarding critical systems.
The Future of Ransomware
Despite law enforcement actions and increased awareness, the threat of ransomware remains ever-present. As one group is neutralized, new ones emerge to fill the void. The lucrative nature of ransomware attacks and the potential for significant profits continue to incentivize cybercriminals. The evolving tactics and strategies employed by ransomware gangs make it imperative for organizations and individuals to remain vigilant in implementing robust cybersecurity measures, regularly backing up data, and educating employees about the risks. Collaboration between the public and private sectors, as well as international cooperation, is crucial in addressing the global challenge posed by ransomware.
REvil is the name of a ransomware service as well as a group of criminals inflicting ransomware onto the world. Hear how this ransomware shook the world.
A special thanks to our guest Will, a CTI researcher with Equinix.
Sponsors
Support for this show comes from Zscaler. Zscaler Zero Trust Exchange will scrutinize the traffic and permit or deny traffic based on a set of rules. This is so much more secure than letting data flow freely internally. And it really does mitigate ransomware outbreaks. The Zscaler Zero Trust Exchange gives you confidence in your security to feel empowered to focus on other parts of your business, like digital transformation, growth, and innovation. Check out the product at zscaler.com.
Support for this show comes from Arctic Wolf. Arctic Wolf is the industry leader in security operations solutions, delivering 24x7 monitoring, assessment, and response through our patented Concierge Security model. They work with your existing tools and become an extension of your existing IT team. Visit arcticwolf.com/darknet to learn more.