Ransomware attacks have become increasingly sophisticated over the past few years. Attackers have employed advanced techniques such as spear phishing, malware-as-a-service, and ransomware-as-a-service to launch their campaigns. They have also taken advantage of publicly available information to target specific organizations or individuals, and have developed custom malware to bypass traditional security measures.
Additionally, they have leveraged social engineering tactics to trick victims into revealing sensitive information or executing malicious code. Finally, they have adopted strategies such as extorting victims and creating sophisticated payment schemes to ensure maximum profits.
One of the most successful ransomware groups is known as REvil.
REvil was created by a group called GandCrab, who were the first to start “Big Game Hunting” in terms of ransomware. This group would get access into companies through dark web marketplaces, where it was regularly sold. They would specifically target companies whose reported profits that year were high, making them “big game”.
Eventually, GandCrab evolved into Ransomware as a service (RaaS). This meant that anyone who wanted, and had access into a company, could buy GandCrab. The GandCrab team would handle everything else, like working with victims to collect money and suppling the decryption key. The group was making a lot of money doing this, reportedly 2 billion dollars in the year it was operating.
However, the GandCrab group announced they were retiring.
In the few months after announcing their retirement and shutting down operation, the team came back to introduce their next product in April of 2019, REvil. During its run GradCrab had 5 versions, and REvil was supposed to be the best ransomware ever created. REvil has been used to target individuals, companies, and government agencies.
Notable targets:
· Acer: 50 million ransom
· Travelex: 2.3 million ransom
· GSM Law: 42 million ransom
· JBS: 11 million ransom
· Garmin: 10 million
· Apple: 50 million
· Kaseya; 70 million ransom
Revel’s largest attack was done on Kaseya. Kaseya are makers of the software Kaseya VSA. Many MSPs buy Kaseya VSA to do administration on their customers’ networks. So, by exploiting Kaseya REvil was able compromise all of the MSP’s customers, totaling to 1,500 individual networks. Unlike other targets, Kaseya went straight to the FBI, and they were able to crack the encryption and decrypt the affected networks.
The REvil servers shut down soon after this, but its unknown if the FBI was behind that. In the next few months, 2 people were arrested in connection to REvil including one who claimed to be the author. REvil has not yet resurfaced, but many other groups have popped up to take their place.
Want to learn more about how you can protect yourself and your business from cyber crime gangs? Contact us today and find out.
Comments