The Russian-led REvil ransomware gang was felled by an active multi-country law enforcement operation that resulted in its infrastructure being hacked and taken offline for a second time earlier this week, in what is the latest action taken by governments to disrupt the lucrative ransomware ecosystem.
The takedown was first reported by Reuters, quoting multiple private-sector cyber experts working with the U.S. government, who noted that the May cyber attack on Colonial Pipeline relied on encryption software developed by REvil associates, formally corroborating DarkSide's connections to the prolific criminal outfit.
Coinciding with the development, blockchain analytics firm Elliptic disclosed that $7 million in bitcoin held by the DarkSide ransomware group was moved through a series of new wallets, with a small fraction of the total peeled off at each hop to make the laundered funds harder to trace and to convert the money into fiat currency through exchanges.
On Sunday, it emerged that REvil's Tor payment portal and data leak website had been hijacked by unknown actors, with a member affiliated with the operation stating that "the server was compromised and they were looking for me," leading to speculation of coordinated law enforcement involvement.
The increasingly successful and lucrative ransomware economy has typically been characterized by a complex tangle of partnerships, with ransomware-as-a-service (RaaS) syndicates such as REvil and DarkSide renting their file-encrypting malware to affiliates recruited through online forums and Telegram channels, who launch the attacks against corporate networks in exchange for a large share of the paid ransom.
This service model allows the ransomware operators to improve the product, while the affiliates can focus on spreading the ransomware and infecting as many victims as possible to create an assembly line of ransom payouts that are then split between the developer and themselves. It is worth noting that these affiliates may also turn to other cybercriminal enterprises that offer initial access through persistent backdoors to orchestrate the intrusions.
"Affiliates commonly purchase corporate access from [Initial Access Brokers] for cheap and then infect those networks with a ransomware product previously obtained from the operators," Digital Shadows said in a report published in May 2021. "The rise of these threat actors, in addition to the growing importance of RaaS models in the threat landscape, indicates an increasing professionalization of cybercriminality."
REvil (aka Sodinokibi) shut down for the first time in mid-July 2021 following a string of high-profile attacks aimed at JBS and Kaseya earlier this year, but the crew staged a formal return in early September under the same brand name, even as the U.S. Federal Bureau of Investigation (FBI) quietly planned to dismantle the threat actor's malicious operations without their knowledge, as reported by the Washington Post.
"The REvil ransomware gang restored the infrastructure from the backups under the assumption that they had not been compromised," Group-IB's Oleg Skulkin was quoted as saying to Reuters. "Ironically, the gang's own favorite tactic of compromising the backups was turned against them."
Some parts of this article are sourced from:
thehackernews.com