Ransomware gang taken down, digs its own grave – Turns aggressive

In this era of cyber-advancements, every type of cyber attack has shown its true potential, but one type remains strong, evolving and growing more sophisticated with time. No wonder Darwin’s theory of evolution applies to cyber-attacks as well. As per multiple surveys, including those from auth0, Cyber Magazine and PurpleSec, the most common type of attack prevailing today is malware, especially ransomware. According to Varonis, ransomware attacks have dominated across multiple sectors, including IT, healthcare, education, finance and government. Some of the groups involved in such espionage include Netwalker, Conti and the REvil group.

Graham Cluley’s post about the REvil gang intrigued me so much that I wanted to write this post. The backdrop is that early this week the ransomware gang REvil was itself hacked and forced offline by a multi-country operation, according to three private sector cyber experts working with the US. According to Reuters, former partners and associates of the Russian-led criminal gang were responsible for a major cyberattack on Colonial Pipeline, creating catastrophic havoc that resulted in a widespread gas shortage. The group REvil also targeted the well-known meat packer JBS. The group also maintained a website that primarily served as a ground to leak victim data and extort companies; it has been taken down.


The software called Darkside, which was used in the attack on Colonial Pipeline, was designed by the REvil group. So now it seems that a leader figure, aka ‘0_neday’, responsible for restarting the group’s operations following a shutdown, said that its servers had been hacked by an unnamed party. 0_neday confirmed on a cybercrime blog that law enforcement agencies were able to infiltrate the REvil server and network infrastructure, getting hold of some of the servers. It seems the restoration was done from a backup involving some internal systems that had earlier been recovered by law enforcement. Ironically, the gang’s own favourite compromise strategy was turned against them, confirmed Oleg Skulkin, head of the forensics lab at the Russian-based security company Group-IB. [Reference]

Is there a way to reduce, prevent or eradicate such ransomware groups, who are always on the run and executing impactful cyber attacks? As Graham Cluley noted, it is ironic that a cybercriminal who hacks into companies to make a living complains that criminal hackers themselves have been hacked. The FBI and other law enforcement agencies are putting in a great deal of effort to avoid and defend against such ransomware attacks. Security can no longer be taken lightly regardless of the size of the organization, but it is evident that the bigger the profile, the higher the odds seem to be.

Published by The Art of Cyber-Space

I am a security professional specializing in incident management and network security. With vivid experience in different industries, I love exploring various ideologies and share knowledge about the current threat landscape to instill more cybersecurity awareness. 

