Ransomware group that carried out major attacks reappears after brief absence




The payment portals and a victim-shaming website used by the so-called REvil group had been silent since the hackers claimed responsibility for a July ransomware attack on IT vendor Kaseya that affected around 1,500 businesses worldwide.

“Currently, we haven’t seen any new casualties, but ultimately the group is back for making money because ransomware is very profitable,” said Adam Meyers, senior vice president of intelligence at security firm CrowdStrike.

The development comes three months after a meeting between President Joe Biden and Russian President Vladimir Putin in which Biden said he urged Putin to crack down on cybercriminals operating from Russian soil.

U.S. National Cyber Security Director Chris Inglis said Thursday that public reports indicated that some Russian-speaking ransomware groups had been less active since the Biden-Putin meeting, but that it was “too early to say that we are left the case.”

“I think it’s a safe bet that [the ransomware groups] have self-deconstructed, that they’ve essentially gone cold and quiet to see if the storm ends and then they can come back,” said Inglis, one of Biden’s senior cybersecurity advisers.

REvil is one of several ransomware gangs suspected of operating from Russia and Eastern Europe that have extorted millions of dollars from large corporations in recent months. The FBI blamed REvil for a ransomware attack in May against JBS USA, which accounts for about a fifth of beef production in the United States. JBS said it paid the hackers $11 million to unlock its systems.

The incident followed the multi-day shutdown of the main fuel carrier Colonial Pipeline earlier in May after a ransomware attack by another Russian-speaking criminal group known as DarkSide. Colonial Pipeline, which transports about 45% of all fuel consumed on the East Coast, paid its extortionists $4.4 million.

The re-emergence of REvil “shows the resilience of organized cybercrime groups (…)


Ransomware has taken a heavy toll on the US economy in recent years.

Victims of ransomware attacks paid some $350 million in ransoms in 2020, according to Chainalysis, a company that tracks cryptocurrency. Those who don’t pay can spend millions of dollars rebuilding their IT infrastructure.

Alarmed by the potential of ransomware and other cyber threats to hamper America’s critical infrastructure, Biden met with executives of key tech and energy companies at the White House in August. In response, Google and Microsoft have pledged a combined $30 billion for cybersecurity initiatives.

As the White House tries to pressure Moscow to curb ransomware groups, U.S. officials have urged companies to step up security measures to make hacks less impactful.

The FBI and the US Cybersecurity and Infrastructure Security Agency reminded companies in August that the agencies “strongly advise against paying a ransom to criminal actors” because it could allow hackers to invest in new capabilities.
