After nearly a two-month absence, cyber security researchers confirm the reappearance of Russian-linked ransomware gang, REvil. The cyber gang and their dark web servers went offline on July 13. It is presumed that their hasty disappearance came after learning of a possible law enforcement action — issued shortly after pressure from the Biden administration.
REvil came to be well known in the beginning of summer by its successful chain-attack on IT management provider, Kaseya. The company reported a breach which impacted 800-1,500 businesses. The cyber gang – also known by Sodinokibi – exploited vulnerabilities in Kaseya’s VSA, which gave them access to a range of Kaseya’s clients, making it one of the biggest ransomware attacks to date by demanding a ransom of $70 million.
Kaseya responded by shutting down its VSA and worked closely with the FBI, CISA and other defense parties to help with the incident.
Analyst Notes
While it is uncertain that the recent activity is directly linked to REvil or law enforcement dismantling the sophisticated network – there is one certainty – there will be more attempts of highly orchestrated attacks by REvil or imitators – this according to KPB, (link to: https://www.kpn.com/security-blogs/tracking-revil.htm), which has been tracking REvil’s movements.
Chain-attacks and ransomware are top concerns in cybersecurity. Our experts advise that companies strategize by:
• Regularly backing up data and password protected backup copies offline.
• Use multi-factor authentication where possible.
• Avoid reusing passwords for multiple accounts.
• Installing updates/patch operating systems, software, and firmware.
• Using strong passwords and regularly changing passwords.
• Focusing on cyber security awareness and training.
• Consider comprehensive endpoint monitoring with Binary Defense’s Security Operations Services (SOC) – protection offered 24/7.
https://www.bleepingcomputer.com/news/security/revil-ransomwares-servers-mysteriously-come-back-online/
