The REvil ransomware crew has struck again. The same cybercriminals who breached Grubman, Shire, Meiselas & Sacks this spring have claimed Gaming Partners International as their latest victim.
GPI is a global force in casino gaming equipment, supplying the vast majority of the world’s casino currency. According to a recent interview with a Russian tech blog, REvil hacked and encrypted “absolutely all servers and working computers” at GPI.
The hackers also extracted more than 500 gigabytes of data during the breach. Among the files were casino contracts, banking information and technical documents related to GPI products.
REvil gave the company 72 hours to respond. Previous victims who failed to open negotiations before the deadline saw sensitive files posted online or sold in underground forums.
It’s a tactic that has proven much more effective than simply encrypting a victim’s data. REvil claims that 1 in 3 victims are willing to pay to prevent private data from being exposed.
You need only look back to January of this year to understand why that’s the case. London-based Travelex posted revenues of nearly $1 billion in 2018, yet a bungled response to a REvil attack ultimately forced the company into receivership this August.
REvil considers the Travelex attack to be its biggest achievement to date, with Grubman Shire a close second. In the interview this week, a REvil member also claimed the group had successfully breached nearly two dozen Texas municipalities.
The gang’s motivations are purely financial. Even in the case of Grubman Shire, which involved the leak of numerous emails related to Trump businesses, politics didn’t factor in.
REvil claims to have netted more than $100 million in its first year of operation. Its ultimate goal is a tenfold increase.
How does a cybercriminal crew break the billion-dollar threshold? Through a methodical approach, the recruitment of talented new hackers and a willingness to work with competing groups.
There are hints that REvil may be teaming up with members of the Maze Group. The Maze ransomware recently shut down after a long and lucrative run…