The US authorities appear to have scored another win in their fight against ransomware by forcing the notorious REvil group offline. Industry experts have warned that there could be repercussions for former breach victims.
One former official and three private-sector cybersecurity experts confirmed to Reuters that an international operation was responsible for taking the group’s data leak site “Happy Blog” offline a few days ago.
Government experts managed to compromise some of the group’s backups so that when it restarted services following another outage in July, they were already in the hands of law enforcement.
Though official sources declined to comment, the White House has been ramping up the pressure on ransomware actors since the Colonial Pipeline outage in May, an attack that the REvil-connected DarkSide group carried out.
REvil and its affiliates were responsible for the massive supply chain attack on Kaseya and several others, amassing a fortune in the process.
The Biden administration launched a DoJ Ransomware and Digital Extortion Task Force in April and signaled its intent to treat these offenses as it would terrorist attacks.
Jake Williams, CTO at BreachQuest, said news of the REvil take-down has been circulating in closed threat intelligence groups for several days.
The leader of the group, “Unknown,” disappeared in July, with Williams suggesting it is likely that either they or a close conspirator were arrested and pressured to provide access to the group’s infrastructure.
However, he warned that there may be more pain in store for previous victims of REvil affiliates that have had data stolen in “double extortion” attacks.
“These affiliates stay in line and don’t release [exfiltrated] data because doing so would remove them from future work with the core group, effectively their cash cow. As work from REvil is obviously drying up now, affiliates will need new sources of revenue,” Williams argued.
“It will not be surprising to see stolen data sold on the dark web. I anticipate that some organizations who thought their data was safe because they paid an REvil ransom are in for a rude awakening.”
Some parts of this article are sourced from:
www.infosecurity-journal.com