Alleged REvil member claims they target companies with cyber insurance
An alleged member of the notorious ransomware gang REvil has divulged details about the group’s activity, including that they target companies with cyber insurance, prefer to remain apolitical, and also have access to nuclear power plants and ballistic missile launch systems.
The REvil representative, who uses the alias ‘Unknown’ on dark web forums, talked to Recorded Future expert Dmitry Smilyanets, in an interview that was conducted in Russian and then translated to English with the help of a translator.
The interview was also edited for clarity, according to Smilyanets.
REvil, also known as Sodinokibi or Sodin, is a ransomware gang that breaches companies' networks using spam, exploits, exposed remote desktop services and hacked managed service providers (MSPs).
Like almost all other ransomware groups operating today, REvil also runs a ransomware-as-a-service (RaaS) operation, in which developers sell malware to affiliates who use it to encrypt the devices of the target organisations.
In the interview with Smilyanets, ‘Unknown’ said that the business of ransomware (or cybercrime) has always been lucrative – even when there were only winlockers and SMS.
The REvil member said that targeting organisations with cyber insurance is “one of the tastiest morsels” for REvil operators. ‘Unknown’ disclosed that the gang likes to hack insurers first, then, after working through their customer list, they return to hit insurers with a destructive attack.
‘Unknown’ acknowledged that the Covid-19 pandemic has impacted their operations to some extent, with most targeted firms paying less than before.
Pharmaceutical firms are the exceptions, however, as they are doing good business during the pandemic.
“I think it is worth paying more attention to them. They are doing just fine,” ‘Unknown’ said.
The gang member also had some advice for corporate negotiators: don’t come in with too low an offer. If that happens, “We understand that the conversation with him is meaningless and we start publishing the data so that the owners of the network smack him upside the head for negotiating like that. And of course, after those kinds of…