The ransomware group REvil was dismantled by the Russian authorities on Friday at the request of US government organizations. According to a report by Reuters, the Federal Security Service of the Russian Federation (FSB) said in a statement that the cybercriminal group had “ceased to exist” following a recent enforcement operation.
The announcement came as Ukraine was responding to a massive cyberattack that shut down government websites, though there was no indication that the incidents were related. Here we take a closer look at the REvil ransomware gang and how it worked.
Who/what is REvil?
REvil’s name is an amalgam of “ransomware” and “evil”. The group is a Russia-based hacking organisation. Security researchers have previously referred to the organisation’s malware family as REvil/Sodinokibi, or REvil.Sodinokibi.
Gangs such as REvil deploy ransomware, which is essentially a file-blocking virus that encrypts files after infection. After the data is stolen and made inaccessible to the victim, the group sends a ransom demand to the victims. The message typically demands that the ransom be paid in cryptocurrencies such as Bitcoin. If the ransom is not paid in time, the demand doubles. Cryptocurrencies are preferred because of their perceived anonymity and the ease of online payment.
REvil would steal data from computers, lock the victims out of their computers, and then threaten to release the stolen data by auctioning it off. This is a distinctive method of applying additional pressure on victims.
REvil also operated as a business and sold hacking technology, among other tools, to third-party hackers. REvil members would lease their ransomware to other hacking groups so that a similar attack could be carried out. They offered ransomware as a service (RaaS). In exchange for the use of REvil’s services and malware, the group would take a substantial cut of any ransom payments from the other group.
Apparently, some of the most high-profile ransomware attacks of this year were carried out through RaaS groups, including the well-known ransomware attack in May against Colonial Pipeline, an American oil pipeline company, where the cybercriminal leased the service of REvil.
The ransomware gang has been linked to high-profile attacks, including one against Quanta, a Taiwanese company that sells data center equipment to Apple. REvil said it was able to steal sensitive data from Apple-like computer system types and demanded a $50 million ransom. However, as tech publication MacRumors reported in April, REvil “mysteriously removed all references related to the extortion attempt from its dark net site.” As of now, it is unclear whether Apple or Quanta paid the ransom.
It should be noted that, unlike state-sponsored hackers, REvil is purely financially motivated. The notorious group also took credit for hacking the New York law firm Grubman, Shire, Meiselas & Sacks, claiming to have obtained documents related to former President Donald Trump.
The shutdown of REvil
In a joint operation, police and the FSB searched 25 addresses, detained 14 people, and seized 426 million roubles (about Rs 40 crore), $600,000 (about Rs 4 crore), 500,000 euros, computer equipment, and 20 luxury cars.
According to Reuters, a Moscow court identified the two accused as Roman Muromsky and Andrei Bessonov and remanded them in custody for two months. Muromsky was a web developer who built websites for a shop called “Motohansa” that sells motorcycle spare parts.
“He is an intelligent person and I can envision that if he wanted to do it (hacking) he could, but he charged very little money for his services. Several years ago he had a Rover car. That’s not an expensive vehicle at all,” Sergei, the shop owner, was quoted as saying by Reuters. Muromsky is in his thirties and was born in Anapa in Russia’s south, where he worked as a regular programmer. The group members have been charged and could face up to seven years in jail, according to the report.
Earlier, in November, a report by cybersecurity firm Sophos found that ransomware, fueled by cryptocurrency, was involved in 79 percent of global cybersecurity incidents from 2020-2021. The Conti and REvil ransomware attacks were at the top of the list, Sophos notes.