Dark Web Spotlight: REvil Hijack

REvil hijacked by LV Ransomware

REvil, the private ransomware-as-a-service (RaaS) gang, has had its ransomware code stolen. REvil is most widely known for extorting $11 million from the meat-processing company JBS after a Memorial Day attack and demanding $70 million from software company Kaseya over the 4th of July weekend. The recent Kaseya attack shut down 800 Coop grocery stores in Sweden after their cash register software supplier was disabled. Present estimates suggest that 800 to 1500 small to medium-sized companies may have experienced a ransomware compromise through their MSP. According to researchers from Secureworks Counter Threat Unit, the LV strain is based on REvil ransomware code. The LV operators used a hex editor to repurpose a REvil binary for their ransomware. The copycat appears to be replicating REvil’s modus operandi in many ways, but they seem to have a less sophisticated arsenal of skills. Businesses around the world are attacked using ransomware roughly every 11 seconds, according to Cybersecurity Ventures. The security firm projects that global ransomware losses this year will reach $20 billion. Locating and securing shadow assets is critical in preventing ransomware; services like Asset Discovery and Monitoring are vital in doing so.