The world is rejoicing. The Russian cyber gang responsible for two of the biggest ransomware attacks in history, JBS and Kaseya, has been taken offline. The real question is, for how long? Many believe they were taken offline by political officials, from either the U.S. or Russia. Given the amount of tension the Kaseya attack put between the American and Russian governments, that may be true. While this is entirely possible, they will be back, likely under another name, and they will continue to use the bulk of the same code, much as REvil was previously known as Sodinokibi and repurposed a large portion of that code.
REvil Will Be Back
The cyber gang knows what is effective, and with ransomware threats growing in severity, staying out of the game now is not likely. It would be more reasonable to believe they are merely calling a time-out. Whether it was forced upon them or not really doesn’t matter. What is important to understand is that they are likely using this time to reorganize their business infrastructure.
Many may not see cybercrime as a business, but it is, just an illegal one. They use the same business model as most: if it’s profitable, the business will continue. Ransomware payouts continue to rise. Additionally, cybercriminals have created a residual income model by stealing their victims’ data as well as encrypting it. This gives them the opportunity to extort their victims on a recurring basis. If the victim doesn’t pay the monthly, quarterly, or annual fee to keep their client, patient, or customer data off the dark web, it will be exposed. This in itself brings cybercrime to a new level. Knowing this, why would one of the biggest cyber gangs just hang up their hats and go home? They wouldn’t. They are using this time to restructure and plan their future.
The world may be rejoicing that REvil is offline, but it would be naïve to believe they are gone for good.
Just as REvil is using this time to restructure, organizations should be doing the same with their security stacks. Reevaluate the controls currently in place, and ensure a layer of application whitelisting is included. Without it, organizations will likely find themselves among the next victims.