The ransomware group that carried out major attacks reappears after a brief absence

Payment portals and a baffled victims’ website used by the so-called REvil group had been silent since hackers claimed responsibility for a July ransomware attack on IT provider Kaseya that affected about 1,500 companies around the world.

“We haven’t seen any new victims so far, but eventually the group has made money again, as the ransomware is very profitable,” said Adam Meyers, senior vice president of intelligence at security firm CrowdStrike.

The development comes three months after a meeting between President Joe Biden and Russian President Vladimir Putin, in which Biden said he urged Putin to crack down on cybercriminals operating from Russian territory.

U.S. cyber director Chris Inglis said Thursday that public reports indicate that some Russian-speaking ransomware groups have been less active since the Biden-Putin meeting, but that “it was too early to say we’re out of the woods.”

“I think it’s a fair bet [the ransomware groups] they’ve self-destructed, they’ve essentially gone cold and calm to see if the storm will fly and if they’ll come back,” said Inglis, a cybersecurity adviser to Biden.

REvil is one of many suspected ransomware gangs operating in Russia and Eastern Europe that have extorted millions of dollars from major companies in recent months. The FBI blamed REvil for a May ransomware attack on JBS USA, which accounts for about one-fifth of U.S. beef production. JBS said it paid hackers $11 million to unlock its systems.

That incident came after the multi-day shutdown of the main fuel carrier Colonial Pipeline in early May following a ransomware attack by another Russian-speaking criminal team known as DarkSide. Colonial Pipeline, which carries approximately 45% of all fuel consumed on the East Coast, paid its extortionists $4.4 million.

The reappearance of REvil “shows the resilience of organized cybercrime groups … to get back into business as usual in a relatively short period of time,” Michael DeBolt, intelligence chief of the cybersecurity firm Intel 471, told CNN.

Ransomware has increasingly affected the US economy in recent years.

According to Chainalysis, a cryptocurrency tracking company, victims of ransomware attacks paid about $350 million in ransoms in 2020. Those who don’t pay can spend millions of dollars rebuilding their IT infrastructure.

Alarmed by the potential of ransomware and other cyber threats to hamper U.S. critical infrastructure, Biden met with executives from major technology and energy companies at the White House in August. In response, Google and Microsoft pledged $30 billion in cybersecurity initiatives.

As the White House tries to pressure Moscow to crack down on ransomware groups, U.S. officials have urged companies to intensify their security measures to make hackers less impactful.

The FBI and the U.S. Cybersecurity and Infrastructure Security Agency reminded companies that the agencies “strongly advise against paying a ransom to criminal actors” because it could allow hackers to invest in new capabilities.
