Russian Ransomware Group Suffers Big Blow
A ransomware gang said to have Russian links appears to have been knocked offline. The REvil group recently demanded a $70 million ransom after a major attack.
The group was linked to two recent attacks, the first on an international meat processing company. JBS, which is estimated to process 20 percent of the beef and pork sold in the US, had to shut down production while dealing with the breach.
An even more serious attack targeted Kaseya, a company that not only offers computing services to businesses, but also powers many managed service providers that run IT for their own clients. The attackers found a way to access remote monitoring tools without needing to log in, then distributed malware disguised as a software update.
$70 Million Demand
Although only several dozen of Kaseya's customers were directly hit, the knock-on effects on their clients mean as many as 1,500 businesses may have been compromised and left unable to access key data and systems.
Rather than try to extort the individual businesses, the attackers reportedly demanded $70 million from Kaseya to undo the damage, hoping its customers would pressure it into paying up.
The attacks appear to have been the work of REvil, a group with a particularly creative "business model." Rather than pick its own targets, it operates a "ransomware for hire" service where clients tell it who to infect and then give it a proportion of any money that victims pay. (Source: theguardian.com)
Putin May Have Turned On Scammers
The group is strongly linked to Russia and was raised in several recent conversations between Joe Biden and Vladimir Putin.
Rather than hiding online, REvil has a presence - including a blog - promoting its services and a site for making payments. Both of these are now unavailable. (Source: bbc.co.uk)
Government officials aren't saying anything publicly, but security analysts are speculating that either US or Russian cyber security staff have done something to make the sites unreachable. The latter would mean a change in tactics from Russia's political leadership which, even if it wasn't actively backing ransomware attacks on other countries, hasn't necessarily seemed that upset by the disruption.
What's Your Opinion?
Should governments use cyber attacks to make life harder for criminals? Can countries really cooperate against the gangs or will geopolitics get in the way? Should businesses pay ransoms after cyber attacks or does it simply encourage further attacks?
Comments
Biden's fault
Joe should have put those businesses on the list of forbidden targets that he gave Putin.
Ransomware
Cryptocurrencies need to be banned. If the criminals can't get any money, there's no motivation for them to go round hacking people.
I think extreme
These groups should be assassinated.
We also need to stop totally trusting software. There should always be a plan B to bypass software with mechanical items.
There was an interesting article on the Register about a farm machine that stopped working due to software.
Watch the movie Runaway. We are there.
M$ one of the richest companies in the world
should be held financially responsible
for all the crappy software they have been producing all these years
and then thrown in jail!!!!!!!!!!!!!!!!!!!!