Tag Archive for: “REvil”

REvil Affiliate Off to Jail for Ransomware Scheme


Ukrainian national Yaroslav Vasinskyi, affiliate of the REvil ransomware-as-a-service group, was sentenced to more than 13 years in prison after pleading guilty to an 11-count indictment.

The charges against Vasinskyi, also known as Rabotnik, involved conspiracy to commit fraud, conspiracy to commit money laundering, and damage to protected computers. According to court documents, he conducted thousands of ransomware attacks using the Sodinokibi/REvil ransomware variants.

“Yaroslav Vasinskyi and his co-conspirators hacked into thousands of computers around the world and encrypted them with ransomware,” said Principal Deputy Assistant Attorney General Nicole M. Argentieri, head of the Justice Department’s Criminal Division. “Then they demanded over $700 million in ransom payments and threatened to publicly disclose victims’ data if they refused to pay.”

Alongside his sentencing, Vasinskyi was ordered to pay roughly $16 million in restitution for his role in over 2,500 ransomware attacks, a fraction of the $700 million in ransom payments that were demanded of his victims.

Source…

As New Clues Emerge, Experts Wonder: Is REvil Back?



Change is a part of life, and nothing stays the same for long, even for hacking groups, which are at their most dangerous when operating in complete silence. The notorious REvil ransomware gang, behind the infamous JBS and Kaseya attacks, has resurfaced three months after the arrest of its members in Russia.

The Russian domestic intelligence service, the FSB, had arrested 14 members of the gang. In that operation, the 14 were found in possession of 426 million roubles, $600,000, 500,000 euros, computer equipment, and 20 luxury cars.

REvil Ransomware Gang: The Context

REvil, a ransomware operation controlled by the financially motivated cybercriminal threat group Gold Southfield, emerged in 2019 and rose to notoriety, most prominently after extorting $11 million from the meat processor JBS.

REvil ran as ransomware-as-a-service: affiliates who broke into targeted networks and deployed the malware were rewarded with a percentage of the ransom pay-outs.

In July 2021, affiliates working under REvil exploited zero-day vulnerabilities in the VSA remote management product that Kaseya sells to managed service providers (MSPs). Because they were zero-days, no patch was available at the time, leaving the flaws open to exploitation. The ransomware was pushed out through the compromised VSA servers to over 30 MSPs worldwide and roughly 1,000 business networks managed by those MSPs.

The operators also rented their ransomware to other cybercriminals so that similar attacks could be repeated against other victims. Analysis of sustained ransomware campaigns has shown that most such groups operate on this ransomware-as-a-service model, renting their tooling to affiliates who often already have access to a victim's systems, networks, and personal data. Colonial Pipeline, the U.S. fuel pipeline operator, was attacked in this way by DarkSide, a ransomware-as-a-service group linked to REvil.

In October 2021, a multi-country law enforcement operation seized control of REvil's core ransomware infrastructure and took its dark web presence, hosted on Tor hidden services, offline.

But thanks to the U.S.-Russian collaboration, the REvil…

Source…

Russia Arrests REvil Ransomware Gang Responsible for High-Profile Cyber Attacks



In an unprecedented move, Russia’s Federal Security Service (FSB), the country’s principal security agency, on Friday disclosed that it arrested several members belonging to the notorious REvil ransomware gang and neutralized its operations.

The surprise operation, which it said was carried out at the request of the U.S. authorities, saw the law enforcement agency conduct raids at 25 addresses in Moscow, St. Petersburg, and the Moscow, Leningrad and Lipetsk regions that belonged to 14 suspected members of the organized cybercrime syndicate.

“In order to implement the criminal plan, these persons developed malicious software, organized the theft of funds from the bank accounts of foreign citizens and their cashing, including through the purchase of expensive goods on the Internet,” the FSB said in a statement.


In addition, the FSB seized over 426 million rubles, including in cryptocurrency, $600,000, €500,000, as well as computer equipment, crypto wallets used to commit crimes, and 20 luxury cars that were purchased with money obtained by illicit means.

One of the most active ransomware crews last year, REvil took responsibility for high-profile attacks against JBS and Kaseya, among a string of several others. The U.S. government told Reuters that one of the arrested individuals was also behind the ransomware attack on Colonial Pipeline in May 2021, once again confirming REvil’s connections to another group called DarkSide.


The group formally closed shop in October 2021 after the U.S. intervened to take its network of dark web servers offline. The next month, Romanian law enforcement authorities announced the arrest of two individuals for their roles as affiliates of the REvil ransomware family, even as the U.S. charged a 22-year-old Ukrainian citizen linked to the ransomware gang for orchestrating the Kaseya ransomware attack.

All those detained have been charged with “illegal circulation of means of payment,” a criminal offense punishable by up to six years in prison. The suspects weren’t named, but Reuters noted that a Moscow court identified two of the men as Roman Muromsky and Andrei Bessonov.


The crackdown also comes as threat actors likely affiliated with…

Source…

Ransomware Group REvil Dismantled in Raids, Russia Says


U.S. officials have said that the Kremlin could shut down hacker groups like REvil, but tolerates or even encourages them, as long as their targets are outside of Russia.

In July, following President Biden’s ultimatum, REvil went offline, fueling speculation about whether the Kremlin had ordered the group to go quiet, whether the United States or its allies had managed to disrupt its operations, or whether the group itself had decided to go underground, fearing that the heat had become too intense.

However, it resurfaced two months later, reactivating a portal victims use to make payments. In October, it was again forced offline, temporarily, by a counter-hacking effort mounted by the governments of several countries, including the United States.

REvil, short for “ransomware evil” has been one of the most notorious ransomware hacking groups sought by United States law enforcement. Ransomware groups hack into a victim’s computer system and encrypt its data, effectively locking out the owners, and extort them for money — sometimes millions of dollars, paid in cryptocurrency — in return for reversing the encryption.

U.S. intelligence agencies identified REvil as responsible for the attack on one of America’s largest beef producers, JBS, last June, forcing the shutdown of nine beef plants. In the end, JBS said it had paid an $11 million ransom in Bitcoin. The operator of the Colonial Pipeline paid almost $5 million in Bitcoin.

REvil also took credit for what was described as the biggest ransomware hack ever in July, affecting up to 1,500 businesses around the world.

The organization…

Source…