REvil: Focus on the most popular ransomware of the moment
According to IBM Security X-Force researchers, more than 140 organizations have been affected by attacks initiated by the REvil group around the world since April 2019.
Virtually all industries have been affected by cybercriminals.
According to IBM researchers, the majority of organizations affected by these cybercriminals are American structures (60%). In addition, one in three organizations affected by the REvil gang eventually gave in and paid the ransoms demanded. At the same time, one-tenth of these victim organizations have had their sensitive information sold on the DarkWeb black market. As it should be pointed out, one third of the organizations attacked by the group were victims of theft of sensitive data.
This article will also interest you: REvil: one of the most dangerous Ransomwares
The ransom demands generally made by this group of cyber criminals vary according to the annual revenues of the targeted structures. The ransom requirements ranged from US$1,500 to US$42 million. An evaluation that opens up can be up to 9% of the organization's turnover targeted by the criminal enterprise.
IBM researchers were able to establish a relationship between the REvil group of cybercriminals and another group called FIN7, also known as Carbanak. This can be done by the existence of common affiliates in the exercise of their business. In addition, it was estimated to be worth $95 million, with revenues earned by REvil's cyber criminals. According to an interview conducted by a Russian blogger with a suspected member of the group known as Unknown seems to confirm the information. According to the latter, the group earns nearly $100 million from its ransomware attacks. Last September, the group was recruiting on hacker forums to recruit much more qualified hackers. To do so, they literally deposited nearly $1 million in bitcoin according to the specialist website BleepingComputer.
According to a recent analysis by Coveware, a company specializing in computer security, specifically in responding to ransomware attacks, REvil, still known as Sodinokibi, holds the largest share of program-based attacks in the cybercrime sector. 16 percent of such attacks are believed to be due to the group in question in the third quarter of 2020. "Almost half of all ransomware cases studied by the company also involved threats to disclose exfiltrated data, with an increasing number of groups adopting this technique. notes Lucian Constantin, CSO.
"Coveware believes we have reached a tipping point with the data exfiltration tactic," said the security firm. "While some companies have chosen to pay threat actors not to disclose exfiltrated data, the publisher has seen the failure of cybercriminals' promises – if so – to delete the data." According to the security company, the victims of attacks who agreed to pay the ransom to the group stop a new extort by the threat of disclosure of the collected data. This is not new because many other cyber criminals tend to fail to live up to their promises.
"Unlike negotiating a decryption key, negotiating the deletion of stolen data has no determined end," Coveware said, "Once a victim receives a decryption key, it cannot be taken away and does not degrade over time. With stolen data, a malicious actor can return to the charge for a second payment at any time. If there is still a lack of hindsight, the evidence that wrongdoing occurs selectively is already established. Therefore, we strongly advise all victims of data exfiltration to take rigorous but responsible action. These include obtaining advice from privacy lawyers, investigating the data that has been collected, and making the necessary notifications resulting from this investigation and the lawyer." Concludes the company.
Now access an unlimited number of passwords: