Russian Ransomware Group Suffers Big Blow

John Lister's picture

A ransomware gang said to have Russian links appears to have been knocked offline. The REvil group recently demanded a $70 million ransom after a major attack.

The group was linked to two recent attacks, the first on an international meat processing company. JBS, which is estimated to process 20 percent of the beef and pork sold in the US, had to shut down production while dealing with the breach.

An even more serious attack targeted Kaseya, a company that not only offers computing services to businesses, but also powers many managed service providers that run IT for their own clients. The attackers found a way to access remote monitoring tools without needing to log in, then distributed malware disguised as a software update.

$70 Million Demand

Although only several dozen of Kaseya's customers were directly hit, the knock-on effects on their clients mean as many as 1,500 businesses may have been compromised and left unable to access key data and systems.

Rather than try to extort the individual businesses, the attackers reportedly demanded $70 million from Kaseya to undo the damage, hoping its customers would pressure it into paying up.

The attacks appear to have been the work of REvil, a group with a particularly creative "business model." Rather than pick its own targets, it operates a "ransomware for hire" service where clients tell it who to infect and then give it a proportion of any money that victims pay. (Source: theguardian.com)

Putin May Have Turned On Scammers

The group is strongly linked to Russia and was raised in several recent conversations between Joe Biden and Vladimir Putin.

Rather than hiding online, REvil has a presence - including a blog - promoting its services and a site for making payments. Both of these are now unavailable. (Source: bbc.co.uk)

Government officials aren't saying anything publicly, but security analysts are speculating that either US or Russian cyber security staff have done something to make the sites unreachable. The latter would mean a change in tactics from Russia's political leadership which, even if it wasn't actively backing ransomware attacks on other countries, hasn't necessarily seemed that upset by the disruption.

What's Your Opinion?

Should governments use cyber attacks to make life harder for criminals? Can countries really cooperate against the gangs or will geopolitics get in the way? Should businesses pay ransoms after cyber attacks or does it simply encourage further attacks?


Comments

Navy vet's picture

Joe should have put those businesses on the list of forbidden targets that he gave Putin.

bk27's picture

Cryptocurrencies need to be banned. If the criminals can't get any money, there's no motivation for them to go round hacking people.

kitekrazy's picture

These groups should be assassinated.

We also need to stop totally trusting software. There should always be a plan B to bypass software with mechanical items.

There was an interesting article on the Register about a farm machine that stopped working due to software.

Watch the movie Runaway. We are there.

buzzallnight's picture

should be held financially responsible
for all the crappy software they have been producing all these years
and then thrown in jail!!!!!!!!!!!!!!!!!!!!