REvil

REvil (also known as Sodinokibi) is a private ransomware-as-a-service (RaaS) operation [1] that recruits affiliates to distribute the ransomware on its behalf. As part of this arrangement, the affiliates and the ransomware developers split the revenue generated from ransom payments.[2] Their exact location is difficult to pinpoint, but they are thought to be based in Russia because the group does not target Russian organizations or those in former Soviet-bloc countries.[3] REvil claims that its annual revenue from RaaS operations now exceeds US$100 million.[4]

Cybersecurity experts believe REvil is an offshoot of a previously notorious, but now-defunct, hacker gang, GandCrab.[5] This is suspected because REvil first became active directly after GandCrab shut down, and because the two ransomware families share a significant amount of code.

The criminal cybergang is known for stealing nearly one terabyte of data from the law firm Grubman Shire Meiselas &amp; Sacks and demanding a ransom in exchange for not publishing it.[6][7][8] The group has attempted to extort other companies and public figures as well. In May 2020 it demanded $42 million from US president Donald Trump.[9][10] The group claimed to have obtained the data by breaking the elliptic-curve cryptography the firm used to protect it.[11] According to an interview with an alleged member, the group found a buyer for the Trump information, but this cannot be confirmed.[12] In the same interview, the member claimed that the group would bring in $100 million in ransoms in 2020.

On 16 May the group released legal documents totaling 2.4 GB relating to the singer Lady Gaga.[13] The following day it released 169 "harmless" e-mails that referred to Donald Trump or contained the word 'trump'.[14]

The group was planning to sell Madonna's information,[15] but eventually reneged.[16]

References

  1. "McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service - The All-Stars". McAfee Blogs. 2019-10-02. Retrieved 2020-10-07.
  2. "Sodinokibi Ransomware: Following the Affiliate Money Trail". BleepingComputer. Retrieved 2020-10-07.
  3. Saarinen, Juha (January 29, 2020). "No let up on REvil ransomware-as-a-service attacks". it news.
  4. "Moving To "Ransomware-as-a-Service": Operator "REvil" Dishes in Periodical-Style Q&A". Flashpoint. 2020-10-27. Retrieved 2021-01-20.
  5. Vijayan, Jai (September 25, 2019). "GandCrab Developers Behind Destructive REvil Ransomware". DARKReading.
  6. Cimpanu, Catalin. "Ransomware gang asks $42m from NY law firm, threatens to leak dirt on Trump". ZDNet. Retrieved 2020-05-17.
  7. Winder, Davey. "Hackers Publish First 169 Trump 'Dirty Laundry' Emails After Being Branded Cyber-Terrorists". Forbes. Retrieved 2020-05-17.
  8. Sykes, Tom (2020-05-15). "'REvil' Hackers Double Their Allen Grubman Ransom Demand To $42m, Threaten To Dump Donald Trump Dirt". The Daily Beast. Retrieved 2020-05-17.
  9. "Criminal group that hacked law firm threatens to release Trump documents". NBC News. Retrieved 2020-05-17.
  10. Adler, Dan. "What Do These Hackers Have On Trump, and Why Would Allen Grubman Pay to Suppress It?". Vanity Fair. Retrieved 2020-05-17.
  11. "Forbes".
  12. Seals, Tara (October 29, 2020). "REvil Gang Promises a Big Video-Game Hit; Maze Gang Shuts Down". threatpost.
  13. Dazed (2020-05-16). "Hackers have leaked Lady Gaga's legal documents". Dazed. Retrieved 2020-05-17.
  14. Winder, Davey. "Hackers Publish First 169 Trump 'Dirty Laundry' Emails After Being Branded Cyber-Terrorists". Forbes. Retrieved 2020-05-17.
  15. Coble, Sarah (2020-05-19). "REvil to Auction Stolen Madonna Data". Infosecurity Magazine. Retrieved 2020-07-17.
  16. Coble, Sarah (2020-09-23). "Thieves Fail to Auction Bruce Springsteen's Legal Documents". Infosecurity Magazine. Retrieved 2020-12-10.


This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.