top of page
  • juanjomartinez56

Is 'Revil' ransomware group back to school?

On July 13th, Russian-based Revil ransomware shut down their servers shortly after a phone call from President Biden to Putin. And I hoped we were beginning a new era of international cooperation to fight organized ransomware. 🙏

Revil exploited a vulnerability of Kaseya's VSA software, used by MSPs to provide essential services to their customers’ IT infrastructure. 🔓

In this attack, perpetrated on July 2nd, they encrypted 1 million systems belonging to over 1500 end customers and 60 MSPs. 🧨

The ransoms they requested set new records. Either $5M per MSP and $45K per individual customer or $70M for a universal key, valid for all. 💰

The incident was happily ended on July 23rd when Kaseya's mysteriously got the decryption keys from a "trusted third party." 🔐

A lot had been written speculating whether the White House pressure or other motivations were behind this happy ending. 🤷‍♀️

In any case, my hopes seem vanished now, as Revil is back to life again. Two servers, the Tor payment/negotiation site and their Tor 'Happy Blog' data leak site are online now. ☠️

It is unclear if they have come back after a sabbatical or if law enforcement has reactivated them. ❓

Whatever, it's sending a strong sign of alert for all of us to keep our security posture high and our incident response teams ready. 🛡

In addition to your prevention and detection, Is your organization prepared to respond to a ransomware attack of this magnitude? 🤔

Here are the links to bleeping computer and Wikipedia articles.

9 visualizaciones0 comentarios

Entradas Recientes

Ver todo


bottom of page