REvil Gang Arrests, Information Security Experts Reactions

BACKGROUND:

Europol has announced the arrest of several suspected members of the REvil ransomware group, while almost simultaneously the US Justice Department announced the indictment of, and the seizure of millions of dollars from, the individual suspected of launching the Kaseya ransomware attack earlier this year.

3 Expert Comments
Kimberly Goody, Manager, Cybercrime Analysis
InfoSec Expert
November 10, 2021 1:33 pm

These recent actions illustrate the importance of taking a multifaceted approach to combating the ransomware threat and working with international partners due to the borderless nature of cyber crime. REVIL has been a prolific ransomware threat since it emerged in May 2019. More than 300 organizations had appeared on its ransomware shaming site, with victims spanning 40 countries. Notably, REVIL operated under a ransomware-as-a-service model and several of the recent arrests and sanctions appear to be aimed at affiliates. This is notable because in other cases, when a ransomware has shut down or had disruptions, threat actors have moved to other ransomware affiliate programs. Actions aimed at these affiliates may have a more significant impact in the overall number of attacks, given the skills required to traverse and successfully deploy ransomware within victims’ environments are highly sought out in underground communities in comparison to ransomware itself.

While the recent actions against REVIL-affiliated actors are significant, they do not negate the fact that certain countries may take a position of strategic tolerance allowing ransomware operations to continue without interference as long as they don’t target domestic interests. This ultimately means that not all ransomware threat actors are going to be risk-averse as a result of recent actions, especially given how lucrative they have become. However, imposing costs through arrests and sanctions is important to altering the cost-benefit analysis for ransomware threat actors as a whole.

Camellia Chan, CEO and Co-founder
InfoSec Expert
November 10, 2021 1:32 pm

Europol has announced that Romanian law enforcement has arrested two more members of the formidable REvil ransomware gang. Although a positive step in the fight against criminal cyber gangs, it is by no means the end. It is imperative that businesses do not rest on their laurels despite this progress. Efforts to improve cybersecurity and bolster defences should be more robust than ever. New ransomware gangs are sure to emerge and as threats heighten, so too must a business’ defence strategy.

A staggering 95 per cent (https://thehackernews.com/2021/02/why-human-error-is-1-cyber-security.html) of data breaches are a product of human error, showing that anti-virus software alone is not sufficient, as it requires significant human involvement (like updating software). Therefore, a solution with a “zero-trust” framework is important where all requests are thoroughly scrutinized to ensure no threats can bypass and touch the precious data. Companies should adopt robust AI Cybersecurity at the physical layer as the last line of defence. And, incredible advancements in technology mean it’s now possible to have AI-infused SSD embedded into laptops to protect against every type of attack, from ransomware and malware all the way to physical security. Businesses should not be taking their foot off the pedal – now is the time to capitalise on new technologies and enhance defences!

Steve Forbes, Government Cyber Security Expert
InfoSec Expert
November 10, 2021 1:29 pm

The tables are turning for ransomware groups as law enforcement organisations around the world are taking an increasingly strong stand against threat actors. Most recently we’ve seen the REvil arrests in Europe and the US, and the seizing of millions of dollars from the suspect reportedly behind the Kaseya ransomware attack this summer.

The collective efforts by the US and over a dozen countries to pursue cyber criminals and take back their ill-gotten gains is not just a message for the ransomware groups themselves, but a signal to would-be cyber attackers everywhere that these attacks won’t be tolerated. When you consider that the FBI Director has told US lawmakers that they’re investigating more than 100 types of ransomware, there is likely more action to come.

Maintaining this type of pressure on global criminal operations will be essential to preventing them from reinventing themselves and returning in a new guise. Unfortunately, considering the funds and resources these entities now have available, the battle against ransomware is not yet over.
