REvil: When it comes to cyberattacks and hacking, it is clear that no one is safe: anyone can have their computer, mobile phone or other device compromised, whether they are rich or poor, labourer or count. But some criminals prefer to attack on a grand scale and go after the richest loot.
Ransomware, the malware of choice
Ransomware is a type of cyber threat that infects a computer or a network, encrypts it and steals the information it holds, then demands a payment, usually in cryptocurrency, in exchange for its release. Modern attacks are selective, adaptive and stealthy, using approaches that have already been tested and refined by advanced persistent threat (APT) groups.
According to a report by cybersecurity experts at Trend Micro, modern ransomware actors identify and target valuable data, often exfiltrating it from the victim’s network rather than simply encrypting it. This gives them a second avenue of extortion: if the victim does not pay the ransom, the attacker may threaten to publish the private data. For companies holding intellectual property, proprietary information, employee records and customer data, this is a serious concern.
For such companies, “any data breach will lead to regulatory penalties, lawsuits and damage to reputation.”
An old acquaintance we have written about before, REvil is ransomware as a service (RaaS): the malware is supplied by its developers and deployed by groups of “affiliates”. Customers of managed service providers have been targeted by REvil affiliates and other ransomware operators before, including a 2019 ransomware outbreak (later attributed to REvil) that affected more than 20 small local governments in Texas.
Also, with the decline of other RaaS offerings, REvil has become more active. According to cybersecurity experts at Sophos, “Their affiliates have been very persistent in their efforts lately, continually working to subvert anti-malware protection. In this particular outbreak, REvil agents not only found a new vulnerability in Kaseya’s supply chain, but, by using the vendor-required exceptions for protection systems (C:\Program Files\Kaseya\ and the like), were able to deploy REvil’s ransomware code.”
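The point about vendor-required antivirus exceptions is one a defender can check directly on their own hosts. The following is an added audit example, not code from the article, from Sophos or from Kaseya: it reads the current Microsoft Defender exclusions and flags directory-wide and wildcard path exclusions (the kind a C:\Program Files\<vendor>\ exception is), paths under Program Files, and process and extension exclusions, which are broader than many administrators expect. It assumes a Windows host with Microsoft Defender and an elevated PowerShell session; the function name, the heuristics and the finding categories are my own choices for the example.

```powershell
# Added example (not from the article, Sophos or Kaseya): audit Microsoft
# Defender exclusions for the kind of vendor-wide folder exception the
# article describes. Anything written into an excluded folder, whether by
# the vendor's agent or by an intruder who controls it, is never scanned.
# Assumes a Windows host with Microsoft Defender and an elevated session.

function Get-RiskyDefenderExclusions {
    [CmdletBinding()]
    param()

    # Get-MpPreference exposes the effective exclusion lists.
    $pref = Get-MpPreference
    $findings = New-Object System.Collections.Generic.List[object]

    foreach ($p in @($pref.ExclusionPath)) {
        if ([string]::IsNullOrWhiteSpace($p)) { continue }
        $reasons = @()

        # Heuristic: a last path segment with no extension is a folder exclusion,
        # so every file under it, including anything dropped there later, is unscanned.
        $leaf = ($p.TrimEnd('\') -split '\\')[-1]
        if ($leaf -notmatch '\.[A-Za-z0-9]+$') {
            $reasons += 'directory-wide exclusion'
        }
        # Wildcards widen a single exclusion to many paths.
        if ($p -match '[\*\?]') {
            $reasons += 'contains wildcard'
        }
        # A vendor folder under Program Files is the pattern in the Kaseya case.
        if ($p -like "$env:ProgramFiles\*" -or $p -like "${env:ProgramFiles(x86)}\*") {
            $reasons += 'under Program Files'
        }
        if ($reasons.Count -gt 0) {
            $findings.Add([pscustomobject]@{
                Kind = 'Path'; Value = $p; Reason = ($reasons -join '; ')
            })
        }
    }

    # Process exclusions skip scanning of files opened by that process (the
    # process binary itself is still scanned). An agent running as SYSTEM
    # makes this especially wide.
    foreach ($proc in @($pref.ExclusionProcess)) {
        if ([string]::IsNullOrWhiteSpace($proc)) { continue }
        $findings.Add([pscustomobject]@{
            Kind = 'Process'; Value = $proc; Reason = 'files opened by this process are not scanned'
        })
    }

    # Extension exclusions apply to every file with that extension, anywhere on disk.
    foreach ($ext in @($pref.ExclusionExtension)) {
        if ([string]::IsNullOrWhiteSpace($ext)) { continue }
        $findings.Add([pscustomobject]@{
            Kind = 'Extension'; Value = $ext; Reason = 'system-wide extension exclusion'
        })
    }

    return $findings
}

# Usage: print a table of flagged exclusions; an empty result means none were found.
Get-RiskyDefenderExclusions | Sort-Object Kind, Value | Format-Table -AutoSize
```

Run it across a fleet (for example through your RMM or a scheduled job) and compare the output against the exclusions your vendors actually document; a folder exclusion such as C:\Program Files\Kaseya\ shows up as "directory-wide exclusion; under Program Files", which is exactly the condition that let a payload placed there go unscanned. Where a vendor insists on such an exception, narrow it to the specific executables it needs, and monitor the excluded folder for newly written files with other tooling, since Defender will not.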