Tag Archive for: “REvil”

Russia takes down REvil hacking group at U.S. request – FSB


MOSCOW, Jan 14 (Reuters) – Russia has dismantled ransomware crime group REvil at the request of the United States in an operation in which it detained and charged the group’s members, the FSB domestic intelligence service said on Friday.

The arrests were a rare apparent demonstration of U.S.-Russian collaboration at a time of high tensions between the two over Ukraine. The announcement came as Ukraine was responding to a massive cyber attack that shut down government websites, though there was no indication the incidents were related.

The United States welcomed the arrests, according to a senior administration official, adding “we understand that one of the individuals who was arrested today was responsible for attack against Colonial Pipeline last spring.”


A May cyberattack on the Colonial Pipeline that led to widespread gas shortages on the U.S. East Coast used encryption software called DarkSide, which was developed by REvil associates.

A police and FSB operation searched 25 addresses, detaining 14 people, the FSB said, listing assets it had seized including 426 million roubles, $600,000, 500,000 euros, computer equipment and 20 luxury cars.

A Moscow court identified two of the men as Roman Muromsky and Andrei Bessonov and remanded them in custody for two months. Muromsky could not be reached for comment and his phone was off. Reuters could not immediately reach Bessonov.

Two Muscovites told Reuters Muromsky was a web developer who had helped them with websites for their businesses.

Russia told Washington directly of the moves it had taken against the group, the FSB said. The U.S. Embassy in Moscow said it could not immediately comment.

“The investigative measures were based on a request from the … United States,” the FSB said. “… The organised criminal association has ceased to exist and the information infrastructure used for criminal purposes was neutralised.”

The REN TV channel aired footage of agents raiding homes and arresting people, pinning them to the floor, and seizing large piles of dollars and Russian roubles.

The group members have been charged and could face up to seven years in prison, the FSB…

Source…

REvil Ransomware Group Servers Hit by Hacking Technique It Uses to Compromise Targets


REvil, the ransomware group that hacked into the U.S. Colonial Pipeline this past May, was itself hacked and shut down by a multinational cyber operation, according to an exclusive report from Reuters.



The ransomware group REvil has been shut down by the government using the same technique that it uses to hack into the servers of private companies.



The group was reportedly hacked into using the same technique that brought down the Pipeline.


Officials from the Federal Bureau of Investigation (FBI), along with U.S. Cyber Command, worked with a number of different countries to bring down REvil as well as a number of other cybercrime groups.

On a recent internet forum post, one of the leaders of REvil, known only as 0_neday, wrote that “the server was compromised, and they were looking for me.”

“Good luck, everyone; I’m off,” 0_neday continued.

The shutdown by the government used a loophole in the ransomware’s backup system, allowing law enforcement agencies to access REvil’s servers and shut them down.

“REvil…restored the infrastructure from the backups under the assumption that they had not been compromised,” said Oleg Skulkin, an official at the Russian security company Group-IB. “Ironically, the gang’s own favorite tactic of compromising the backups was turned against them.”

Reuters has described REvil as “one of the worst of dozens of ransomware gangs that work with hackers to penetrate and paralyze companies around the world.”

The hacking of the Colonial Pipeline by REvil and another ransomware group, DarkSide, led to massive gasoline shortages and caused President Joe Biden to declare a state of emergency. The pipeline was only restored after Colonial Pipeline Company sent REvil $4.4 million.

REvil made headlines again in July when it hacked into software management company Kaseya, allowing the group to access the personal information of hundreds of the company’s clients.

The White House National Security Council told Reuters that they were “undertaking a whole of government ransomware effort, including disruption of ransomware infrastructure and actors,” but declined to comment specifically on the REvil operation.


Source…

Free ‘REvil’ Decryption Software Will Be Available For People Whose Computers Are Encrypted Before July 13


REvil ransomware affected many users around the world, especially when it struck Kaseya over the past months. The gang behind the REvil attacks typically makes the victim pay the ransom before it decrypts the system.

Now, BitDefender released a free decryption tool for the victims who were previously hit by the REvil malware.

Free Decryption Tool For REvil Ransomware

Users who were affected by the previous REvil ransomware attacks can use a free decryption tool made by Bitdefender.

Dealing with malware such as REvil can be difficult for users who have little to no knowledge of how to handle it.

The REvil ransomware gang is notorious for forcing its victims to pay a ransom in exchange for a master decryptor tool for their computers.

Cybersecurity firm Bitdefender confirmed that it has released the latest decryption software for REvil.

The good news is the victims can get it for free.

Bitdefender made it possible through the help of an unknown agency concerned with law enforcement. When the Romania-headquartered firm was asked about the specific name of its collaborator, it declined to comment.

The company has been tight-lipped on how it arrived at a free master decryption key for all REvil victims. It only said that there was an ongoing investigation into the malware.

The REvil decryption software can be used by those who were hit by the malware, but there’s a catch: only those whose computers were encrypted by the malware before July 13 should be able to use it.

Bitdefender Warns Users About Returning REvil Attacks

According to a report by SlashGear on Friday, Sept.17, Bitdefender shared that the Ransomware-as-a-Service (RaaS) operator of REvil could possibly come from a CIS nation.

Furthermore, the dangerous malware first appeared in 2019 as a successor to the GandCrab ransomware, which is now defunct.

However, the attacks linked to this malware were reportedly happening once again.

Most importantly, REvil ransomware operates from the depths of the dark web, from where it has infected many tech companies.

You can download the free decryption software…

Source…

Cyber Security Today, Sept. 13, 2021 – The REvil ransomware gang is back, a new botnet is discovered and Formbook malware rises



Welcome to Cyber Security Today. It’s Monday September 13th. I’m Howard Solomon, contributing writer on cybersecurity for ITWorldCanada.com.


Bad news on the ransomware front: The REvil ransomware gang is definitely back. There was some uncertainty about that last week when, after two months of silence, the data leak and payment websites of the gang were re-activated. No new victims were listed at that point. However, on Saturday the Bleeping Computer news service reported the gang has published screenshots of stolen data of a new victim. Why the gang was away isn’t clear. Some security researchers suspected that REvil was worried about being tracked by police after news spread internationally of its attack on Kaseya during the summer. A post on a criminal website suggested the gang worried that one of its members had been arrested, so it turned its servers off. A more recent post claimed the gang just wanted a break. It doesn’t matter. No matter who the gang is, IT and security leaders have to be ready for ransomware attacks.

A new botnet that launches huge denial of service attacks has been discovered. A Russian cybersecurity firm called Qrator and the Yandex search engine believe more than 200,000 compromised network devices such as routers, gateways and switches are involved. One of the victims was Yandex. Dubbed the Meris botnet, many of the compromised devices are manufactured by a Latvian company called MikroTik. MikroTik says many of the devices were compromised in 2018 when its RouterOS operating system had a vulnerability. That vulnerability was quickly patched. But MikroTik says device operators have to change their passwords as well as apply the patch. On the other hand, the Qrator/Yandex report says many of the compromised devices have newer versions of the MikroTik operating system.

A denial of service attack is like someone pounding on a company’s front door, except the front door is a website. Crooks launch denial of service attacks on victim companies to make their websites unavailable, then demand payment to stop. Huge attacks by this botnet have been launched…

Source…