(John Anthony Smith, president of the fast-growing Conversant Group on the Southside, advises on Internet security after an attack by a Russian criminal gang on a U.S. pipeline company that caused many gas stations to run dry for several days).
In a compromise similar in some ways to the global SolarWinds breach that occurred last year, threat actors have once again breached a system used for monitoring, patching, and remote administration. On Friday, it became publicly known that Kaseya, a well-known player in Remote Monitoring and Management (RMM) tools, had succumbed to a supply chain compromise. Kaseya’s RMM, known as VSA, is commonly used by Managed Service Providers to manage, monitor, and patch their customers’ infrastructures.
REvil Group was able to breach Kaseya’s VSA system and use that system to destroy backups and subsequently encrypt over 200 organizations’ data. Because Kaseya VSA is used to monitor, manage, and patch systems, it has highly privileged access to the infrastructures in which it is deployed. Thus, REvil was able to orchestrate this malicious attack nearly unimpeded by security controls. On Friday, Kaseya sent out a warning of a potential attack and urged customers to shut down their servers running the service. According to Kaseya’s web site, more than 40,000 organizations use its products.
REvil is demanding $50,000 in ransom from smaller companies and $5 million from larger ones. REvil is a highly active Russian-speaking hacking group, and it is the same group of threat actors that successfully collected an $11 million ransom from JBS Meats. It is widely believed that REvil operates from Russia, and this recent compromise comes on the heels of President Joe Biden’s meeting with Russian President Vladimir Putin in Geneva. It is obvious that Biden’s conversation has prompted little action, at least thus far, in reining in REvil’s continued attacks.
Ransomware attacks have spiked in the past 1.5 years, with $412 million in ransom payments made last year alone, and…