May 13, 2024

Report Wire


What is REvil, the ransomware group dismantled by Russia at US request


The ransomware group REvil was dismantled by the Russian authorities on Friday (January 14, 2022) at the request of US government agencies. According to a report by Reuters, the Federal Security Service of the Russian Federation (FSB) said in an announcement that the cybercriminal group had "ceased to exist" following a recent enforcement operation.
The announcement came as Ukraine was responding to a large cyberattack that took down government websites, although there was no indication that the two incidents were connected. Here we take a closer look at the REvil ransomware gang and how it operated.
Who or what is REvil?
REvil's name is a blend of "ransomware" and "evil". The group is a Russia-based hacking organisation. Security researchers have previously referred to the group's family of malware as REvil/Sodinokibi, or REvil.Sodinokibi.

Gangs such as REvil deploy ransomware, malware that encrypts the victim's files after infection. Once the data has been stolen and made inaccessible to the victim, the group sends a ransom note. The note typically demands payment in a cryptocurrency such as Bitcoin, and if the ransom is not paid by the deadline the demand doubles. Cryptocurrencies are preferred because of their perceived anonymity and the ease of making online payments.
REvil would steal data from the victim's systems, lock the victim out of those systems, and then threaten to release the stolen data by auctioning it off. This double-extortion tactic is a way of putting additional pressure on victims.
REvil also operated as a business, selling its hacking tooling and expertise to third-party criminals. REvil members would lease the ransomware to other hacking groups so that a similar attack could be carried out, a model known as ransomware-as-a-service (RaaS). In exchange for using REvil's services and malware, the group would take a substantial cut of any ransom payments collected by the other group (the "affiliate").
Notably, some of the highest-profile ransomware attacks of 2021 were carried out by affiliates of RaaS operations, including the May 2021 attack on Colonial Pipeline, an American fuel pipeline company. That attack was the work of the DarkSide RaaS operation rather than REvil itself, although DarkSide's ransomware has been linked by researchers to REvil's code.

The gang has been linked to other high-profile attacks, including one against Quanta, a Taiwanese contract manufacturer that builds hardware for Apple. REvil claimed to have stolen confidential Apple product schematics and demanded a $50 million ransom. However, as the tech publication MacRumors reported in April 2021, REvil "mysteriously removed all references related to the extortion attempt from its dark web blog." It remains unclear whether Apple or Quanta paid the ransom.
It should be noted that, unlike state-sponsored hackers, REvil was purely financially motivated. The group also took credit for hacking the New York law firm Grubman, Shire, Meiselas & Sacks, claiming to have obtained documents relating to former President Donald Trump.
The shutdown of REvil
In a joint operation, police and the FSB searched 25 addresses, detained 14 people, and seized 426 million roubles (roughly Rs 40 crore), $600,000 (roughly Rs 4 crore), 500,000 euros, computer equipment and 20 luxury cars.
According to Reuters, a Moscow court identified two of the accused as Roman Muromsky and Andrei Bessonov and remanded them in custody for two months. Muromsky was a web developer who had built websites for a shop called "Motohansa" that sells motorcycle spare parts.
"He is a smart person and I can imagine that if he wanted to do it (hacking) he could, but he charged very little money for his services. Several years ago he had a Rover car. That's not an expensive car at all," Sergei, the shop's owner, was quoted by Reuters as saying. Muromsky is in his thirties and was born in Anapa in southern Russia, where he worked as an ordinary programmer. The group's members have been charged and could face up to seven years in prison, according to the report.

Earlier, in November 2021, a report by the cybersecurity firm Sophos found that ransomware, fuelled by cryptocurrency payments, was involved in 79 percent of the incidents the company responded to between 2020 and 2021. Conti and REvil topped the list of ransomware families observed, Sophos noted.

Copyright © 2024 Report Wire. All Rights Reserved