agencycros.blogg.se

Cable krebs stamos group ransomwhere

The Kaseya attack, which started last Friday, hit a number of companies and organizations, including Sweden’s largest supermarket chain Coop and schools in New Zealand. To gain access to the victims, the hackers exploited a bug in the IT management software of Kaseya.

REvil said it would publish a tool that would allow all infected companies to recover their data if it were paid $70 million in bitcoin. “If you are interested in such a deal, contact us,” the group wrote, adding that it had provided a way for victims to contact the organization. Jack Cable, a security researcher for Krebs Stamos Group, said he had reached out to REvil, and the group offered to slash the price for the tool to $50 million in bitcoin. Brett Callow, a threat analyst for cybersecurity firm Emsisoft, said REvil was also asking for $45,000 in cryptocurrency for each computer system a victim wanted restored.

White House press secretary Jen Psaki said during a news conference Tuesday that U.S. national security officials had been in touch with Russian government officials over the attack. “If the Russian government cannot or will not take action against criminal actors residing in Russia, we will take action, or reserve the right to take action, on our own,” Psaki said.

In June, the FBI said REvil was behind the massive cyber attack that shut down the operations of JBS, the world’s biggest meat supplier. Although JBS said it was able to regain control of its computer systems, it paid an $11 million ransom to “mitigate any unforeseen issues related to the attack and ensure no data was exfiltrated.”

Here’s what you need to know about the notorious hacking group and its ransomware attacks.

REvil’s name is an amalgam of “ransomware” and “evil,” said Satnam Narang, a staff research engineer for the security firm Tenable. The group is also known as Sodinokibi, and security researchers have previously named the organization’s family of malware that encrypts, or scrambles, data REvil/Sodinokibi, or REvil.Sodinokibi.

Security researchers have linked the creators of the REvil/Sodinokibi malware to the authors of the GandCrab ransomware, which was first noticed in 2018. Hackers affiliated with GandCrab targeted healthcare firms, including the medical service billing provider Doctor’s Management Service. In 2019, members of GandCrab said they would retire and bragged about collecting $2 billion in ransom payments after just one year. A year later, the Minister of Internal Affairs of Belarus said it had arrested a hacker with ties to GandCrab.

Tony Cook, ransomware negotiator and head of threat intelligence at GuidePoint Security, said REvil appears to be inspired by GandCrab in that the two groups use similar tools and hacking techniques. That said, with the number of similar ransomware groups, it’s hard to determine which hacking group is responsible for specific attacks.

Narang noted that the GandCrab group targeted managed service providers, which operate IT systems on behalf of other companies, during its final days. This gives credence to the notion that former GandCrab members are now with REvil.

REvil acts as a business that sells hacking technology and other tools to third-party hackers. REvil members have created online infrastructure on the dark web, a part of the Internet that search engines like Google don’t track, for other hackers to post stolen documents and collect ransomware payments from victims, Narang said. In exchange for using REvil’s services and malware, REvil, like similar groups, takes a roughly 20% cut of any ransomware payments while its affiliate hackers keep the other 80%, he added.

Hacking groups that are financially motivated, he said, can be more dangerous than nation-state hacking groups because they are more willing to “shut down hospitals.” Nation-state hacking groups operate by “unwritten rules and norms” that typically mean they avoid engineering hacks that could kill people, like shutting down a hospital, he explained.

What else has REvil hacked?

Besides Kaseya and JBS, REvil has been linked to high-profile ransomware attacks, including against Quanta, a Taiwanese company that sells data center gear to Apple. REvil said it was able to steal sensitive data from Apple like computer designs and demanded a $50 million ransom.










