Total Tests:

REvil Ransomware’s Stolen Data Auction Sets Precarious Precedent Amid Pandemic

By Byron Mühlberg for CPO Magazine
Wednesday, June 17, 2020

The REvil ransomware criminals, reportedly from Eastern Europe, gained global notoriety last month after carrying out a series of high-profile data breaches which involved a large number of prolific figures, including such celebrities as Madonna and Lady Gaga, through its attack against law firm Grubman Shire Meiselas Sack—even going so far as to involve US President Donald Trump.

Krebs’s view on the group’s motives is partly shared by Ilia Kolochenko, founder and CEO of internet security company ImmuniWeb. According to him, the pandemic has spurred an increase in oftentimes unsophisticated attackers targeting companies in order to make ends meet amid an unemployment surge.

“Sadly the coronavirus pandemic has pushed many beginners in the IT field to become cybercriminals amid unemployment and lack of finding a well-paid job in their field,” said Kolochenko. “Thus, we will likely see a surge of fake extortion campaigns ventured by the newbies and aimed to strip organizations out of cash in a simple and swift manner.”

While the cybercriminals behind REvil ransomware are likely to be highly sophisticated attackers, the same trend likely holds true in their case nonetheless. As other cybersecurity experts point out, the fact that stolen data is being auctioned off in the first place indicates the dire straits in which many companies find themselves financially.

“The problem is a lot of victim companies just don’t have the money [to pay ransom demands] right now,” Lawrence Abrams, editor of the cybersecurity publisher BleepingComputer told KrebsonSecurity. “Others have gotten the message about the need for good backups, and probably don’t need to pay. But maybe if the victim is seeing their data being actively bid on, they may be more inclined to pay the ransom.”

Emerging trends in ransomware protection

According to cybersecurity professionals, the REvil ransomware gang’s new tactic of trying to action off stolen data suggests a number of noteworthy developments. One such trend, according to Kolochenko, is a rise of “fake threats”, in which cybercriminals put up a bluff by pretending to possess data that they, in fact, do not. “Many organizations, whose business largely depends on its reputation, are well prepared to pay a fortune to avoid negative publicity,” Kolochenko pointed out to this end.

“Another relatively new but rapidly growing scenario is exaggeration of nature or value of data stolen and encrypted by a ransomware,” he added, pointing out that because corporate data which is often “chaotically dispersed” across an organization’s computers and servers, IT leaders end up having limited visibility of their attack surface, and unable to verify whether or not the data was in fact breached in the first place.

“Once a machine is hacked and encrypted, victims may well believe that attackers will find a backup of their database, critical source code or other important trade secrets,” Kolochenko went on. “However, prior to paying a ransom, you should carefully investigate, analyze and assess the situation to avoid falling victim to manipulative fraudsters.” Read Full Article


Book a Call Ask a Question
Close
Talk to ImmuniWeb Experts
ImmuniWeb AI Platform
Have a Technical Question?

Our security experts will answer within
one business day. No obligations.

Have a Sales Question?
Email:
Tel: +41 22 560 6800 (Switzerland)
Tel: +1 720 605 9147 (USA)
*
*
*
*
Your data will stay private and confidential