The US authorities appear to have scored another win in their fight against ransomware by forcing the notorious REvil group offline. Authorities have warned that there could be repercussions for former breach victims.
One former official and three private-sector cybersecurity experts confirmed to Reuters that an international operation was responsible for taking the group’s data leak site “Happy Blog” offline a few days ago.
Federal government experts managed to compromise some of the group’s backups so that when it restarted services after another outage in July, they were already in the hands of law enforcement.
While official sources declined to comment, the White House has been ramping up the pressure on ransomware actors since the Colonial Pipeline outage in May, an attack that the REvil-linked DarkSide group carried out.
REvil and its affiliates were responsible for the massive supply chain attack on Kaseya and many others, amassing a fortune in the process.
The Biden administration launched a DoJ Ransomware and Digital Extortion Task Force in April and signaled its intent to treat these offenses as it would terrorist attacks.
Jake Williams, CTO at BreachQuest, said news of the REvil take-down has been circulating in closed threat intelligence groups for several days.
The leader of the group, “Unknown,” disappeared in July, with Williams suggesting it’s likely that either they or a close conspirator were arrested and forced to hand over access to the group’s infrastructure.
However, he warned that there could be more pain in store for earlier victims of REvil affiliates that have had data stolen in “double extortion” attacks.
“These affiliates stay in line and don’t release [exfiltrated] info since doing so would eliminate them from future work with the core team, effectively their cash cow. As work from REvil is plainly drying up now, affiliates will need new sources of income,” Williams argued.
“It will not be astonishing to see stolen information sold on the dark web. I anticipate that some corporations who believed their data was protected because they paid an REvil ransom are in for a rude awakening.”
Some parts of this article are sourced from:
www.infosecurity-journal.com