REvil DISMANTLED

DailyPost 1941

The global war on ransomware led by the US, declared in October 2021, seems to be showing its first signs of success. REvil, a ransomware group, has been dismantled by Russia at the behest of the US. This can be taken as the first action of its kind, comprehensive in scope and an indication of how the anti-ransomware campaign could play out globally. In November last year the cybersecurity firm Sophos revealed that ransomware was involved in 79% of the cybersecurity incidents it handled in 2020-21, with Conti and REvil at the top of the list. Ransomware crime is fuelled by cryptocurrency: in December 2021 the FBI seized a crypto wallet containing approximately 40 bitcoins ($2.3 million) from Aleksandr Sikerin, who was affiliated with the same group, REvil.

REvil also offers ransomware as a service (RaaS). In exchange for the malware and supporting services, REvil demands a substantial cut of the ransom paid to the affiliate group that carries out the attack. What is most striking about the high-profile ransomware attacks of the past year is that they have been executed through RaaS. This speaks volumes about the likely proliferation of the crime, bringing it literally to the plug-and-play level. The same modus operandi was seen in the May 2021 attack on Colonial Pipeline, an American fuel pipeline operator: that attack was carried out by an affiliate of the DarkSide RaaS operation, whose operators have been widely linked to REvil. REvil has also been linked to another high-profile attack, the one against Quanta, a Taiwanese contract manufacturer that builds hardware for Apple. The attackers stole Apple product design schematics and demanded a ransom of $50 million. It is unknown whether Quanta or Apple paid the ransom.

What is even more intriguing is that REvil later removed all references to the extortion attempt from its dark web blog. Unlike a state-sponsored actor, it works purely for windfall financial gains. The group has also claimed responsibility for a ransomware attack on the New York law firm Grubman Shire Meiselas & Sacks, claiming to have obtained documents related to former President Donald Trump. Such groups have the capability to throw even the most sincere investigations into disarray. Given the global nature of the peril at hand, the only way forward is international collaboration, and this is the first time it has happened at this level. That REvil was not supported by any state actor helped. The anti-REvil operation could turn out to be a game changer, if this trajectory can be consolidated.

REvil was dismantled by Russian authorities on Friday, 14 January 2022, at the specific request of US government agencies. In an official release it was stated that this cybercriminal group had "ceased to exist" following the operation. In the joint operation, police and the FSB searched 25 addresses, detained 14 people and seized 426 million roubles (about Rs. 40 crore), $600,000, 500,000 euros, computer equipment and 20 luxury cars. The two accused identified by the Moscow court, Roman Muromsky and Andrei Bessonov, were remanded in custody for the next two months. It is an exemplary investigation so far, a model which needs to be replicated in a large number of such cases if we are to stem the tide. Is this the beginning of the end, or the beginning of a new phase of ransomware? Only time will tell. WikiLeaks and Silk Road can be treated as historical reference points.

OUR WAR ON RANSOMWARE WILL DECIDE WHETHER WE END UP DESCENDING INTO CYBER CHAOS.

Sanjay Sahay
