A Russia-linked gang is being investigated over what is now being considered the single biggest global ransomware attack on record. The gang is known as the REvil gang, and they’re famous for extorting $11 million from the meat processor JBS after a Memorial Day cyber attack.
This past Friday, thousands of individuals in at least 17 countries became victims of another cyber attack that locked them out of their devices.
REvil was originally demanding a ransom of $5 million. Late Sunday afternoon, however, the group posted on its dark web site an offer of a universal decryptor software key that would unscramble all of the affected machines throughout the world, in exchange for $70 million in cryptocurrency.
“While the FBI is investigating the attack, its scale may make it so that we are unable to respond to each victim individually. President Joe Biden had directed the full resources of the government to investigate this incident and urged all who believed they were compromised to alert the FBI,” said Deputy National Security Advisor Anne Neuberger in a statement.
A wide range of businesses and public agencies have been impacted by this latest cyber attack. All continents have reported an issue, specifically in their financial services, travel and leisure sectors, and public sectors. A few large companies have also been impacted.
When ransomware hackers attack a device or server, they work to infiltrate the device's network and install malware that cripples the devices and scrambles all the data. Victims can only decode their devices if they receive a key, which is given only after payment.
Swedish grocery chain Coop is just one of the many businesses forced to shut down because its cash register software supplier was completely crippled by the attack. An unnamed IT service company in Germany reported that several thousand of its clients were compromised and unable to access their information.
A sign reading “Temporarily closed – We have an IT-disturbance and our systems are not functioning” is posted in the window of a shuttered Coop supermarket store in Stockholm.
“We have been advised by our outside experts that customers who experienced ransomware and receive communication from the attackers should not click on any links — they may be weaponized,” the company warned.
“The REvil offer to offer blanket decryption for all victims of the Kaseya attack in exchange for $70 million suggests the group’s inability to cope with the sheer quantity of infected networks,” said Allan Liska, an analyst with the cybersecurity firm Recorded Future.
Victor Gevers is a member of a team currently investigating how the group was able to hack into all of these systems and how they can better protect themselves in the future. Specifically, he discussed the popularity of VPN and VSA technology, which works to protect all user information on any device using data.
According to CBS News, REvil has been “active since April 2019. The group provides ransomware-as-a-service, meaning it develops the network-paralyzing software and leases it to so-called affiliates who infect targets and earn the lion’s share of ransoms. U.S. officials say the most potent ransomware gangs are based in Russia and allied states and operate with Kremlin tolerance and sometimes collude with Russian security services.”
Eric Mastrota is a Contributing Editor at The National Digest based in New York. A graduate of SUNY New Paltz, he reports on world news, culture, and lifestyle. You can reach him at email@example.com.