fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Russia Arrests REvil Ransomware Gang Members, Seize $6.6 Million

Russia Arrests REvil Ransomware Gang Members, Seize $6.6 Million

The Federal Security Service (FSB) of the Russian Federation says that they shut down the REvil ransomware gang after U.S. authorities reported on the leader.

More than a dozen members of the gang have been arrested following police raids at 25 addresses, the Russian security agency says in a press release today.

“The basis for the search activities was the appeal of the competent US authorities, who reported on the leader of the criminal community and his involvement in encroachments on the information resources of foreign high-tech companies by introducing malicious software, encrypting information and extorting money for its decryption” – Russia’s Federal Security Service

Also Read: 7 Phases Of Data Life Cycle Every Business Must Be Informed

Russian authorities have detained 14 individuals suspected to be part of the REvil ransomware-as-a-service (RaaS) operation and confiscated cryptocurrency and fiat money as follows:

  • more than 426 million rubles (approximately $5,5 million)
  • 600 thousand US dollars
  • 500 thousand euros (approximately $570,000)

Russian authorities also confiscated 20 luxury cars purchased with money obtained from cyberattacks, computer equipment and cryptocurrency wallets used to develop and maintain the RaaS operation.

Footage from the raids available below shows how officers detained the suspects and confiscated money and electronics:

The raids took place at addresses in Moscow, St. Petersburg, Leningrad, and Lipetsk regions.

The FSB says that it was able to identify all members of the REvil gang, documented their illegal activities, and establish their participation in “illegal circulation of means of payment.”

Apart from creating the file-encrypting malware and deploying it on enterprise networks across the globe, REvil members were also involved in stealing money from the bank accounts of foreign citizens.

“As a result of the joint actions of the FSB and the Ministry of Internal Affairs of Russia, the organized criminal community ceased to exist, the information infrastructure used for criminal purposes was neutralized” Russia’s Federal Security Service

 The FSB says that they informed the representatives of the competent U.S. authorities about the results of the operation.

REvil ransomware crumbles

REvil ransomware (aka Sodin and Sodinokibi) emerged in April 2019 from the void left behind by the shut down of the GandCrab operation.

In less than a year, the gang became the most prolific ransomware group, asking for some of the highest ransoms from its victims. It rose to infamy in August 2019 when it hit multiple local administrations in Texas and demanded a collective ransom of $2.5 million – the highest to that date.

Also Read: 9 Policies For Security Procedures Examples

Soon, asking for huge amounts of money from large organizations and getting paid became the norm. In a year, the gang claimed profits in excess of $100 million.

REvil’s most publicized hit was the Kaseya supply-chain attack that crippled around 1,500 businesses all over the world. The ransom demand to decrypt all organizations was $70 million in Bitcoin.

This attack prompted a stern response from the U.S., with President Biden asking President Putin to take action against cybercriminals residing in Russia; otherwise, the U.S. would take action on its own.

The gang was also the first to have a representative going by the forum name UNKN at first, later switching to Unknown, who promoted the REvil RaaS business in the Russian-speaking criminal hacker community.

This public-facing representative disappeared soon after the Kaseya attack (some assumed Unknown was arrested) and pressure from international law enforcement increased.

After the Kaseya attack, the REvil operation took a break and then resumed operations two months later. What the operators did not know was that law enforcement had breached their servers before the hiatus and when they restored the systems from backups the criminals also restored machines controlled by law enforcement.

FSB’s action against REvil comes after the U.S. and international law enforcement organizations joined forces to identify and arrest members of ransomware operations.

As a result, the U.S. announced in November 2021 that it had arrested a REvil ransomware affiliate (Ukrainian national Yaroslav Vasinskyi) responsible for the Kaseya attack and seized over $6 million from another Revil partner (Russian national Yevgeniy Polyanin), believed to have deployed about 3,000 ransomware attacks.

The same month, authorities in Romania arrested two REvil ransomware affiliates responsible for 5,000 attacks that brought them EUR 500,000 from collected ransoms.

Update [January 14, 2022, 13:26 EST]: Added background information about the REvil ransomware gang and arrests of its affiliates

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us