fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

US Seizes $6 Million from REvil Ransomware, Arrest Kaseya Hacker

US Seizes $6 Million from REvil Ransomware, Arrest Kaseya Hacker

The United States Department of Justice today has announced charges against a REvil ransomware affiliate responsible for the attack against the Kaseya MSP platform on July 2nd and seizing more than $6 million from another REvil partner.

The suspect is 22-year old Ukrainian national Yaroslav Vasinskyi, arrested for cybercriminal activity on October 8 at the behest of the U.S. when trying to enter Poland from his native country.

Vasinskyi is known by several aliases (Profcomserv, Rabotnik, Rabotnik_New, Yarik45, Yaraslav2468, and Affiliate 22). He is one of the seven REvil ransomware affiliates that have been apprehended so far, in ample international efforts to combat the ransomware threat.

Also Read: Top 3 Simple Data Backup Singapore and Recovery Methods

Ransom demands of over 760 million

While the news of Vasinskyi getting arrested did not go unnoticed, the exact reason was unclear until his indictment and arrest warrant were unsealed on November 5.

In a press conference today, the DoJ announced the charges against Vasinskyi, underlining his involvement in the Kaseya attack that impacted around 1,500 businesses worldwide.

REvil ransomware, also known as Sodinokibi, is the successor of GandCrab and had an initial test run in April 2019 in an attack that exploited a vulnerability in WebLogic Server.

According to the indictment, Vasinskyi is a long-time affiliate of the REvil ransomware operation, being part of it since at least March 1st, 2019, and deployed about 2,500 attacks against businesses worldwide.

The investigation revealed that Vasinskyi’s ransom demands amounted to $767 million but victims paid only $2.3 million. The operator is believed to have deployed ransomware on the networks of at least nine companies in the U.S.

In contrast, the entire REvil ransomware operation received more than $200 million since it started activity and encrypted at least 175,000 computers.

Also Read: What is Pseudonymisation: 5 Techniques and Its Best Practices

Of all the companies attacked, the one on Kaseya managed service provider (MSP) was the biggest, the ransom demand being $70 million to decrypt all the systems.

This incident acted as a catalyst for the U.S. to start an ample operation against the ransomware threat in cooperation with law enforcement across the world.

The U.S. is now requesting Vasinskyi’s extradition and has unsealed the charges against him.

Seizing ransomware money

The DoJ also announced that law enforcement seized $6.1 million from another REvil ransomware affiliate, Russian national Yevgeniy Polyanin, who is currently at large.

Previously, the U.S. has recovered $4.4 million of the ransomware payment that Colonial Pipeline paid to the DarkSide ransomware gang following an attack that lead to temporary gas shortages.

Polyanin (a.k.a. LK4D4, Damnating, damn2Life, Noolleds, Antunpitre, Affiliate 23) is believed to have perpetrated about 3,000 ransomware attacks against various organizations, including multiple U.S. government entities and private-sector companies, extorting around $13 million from victims.

According to the indictment, Polyanin accessed and encrypted the networks of 13 government entities in Texas around August 16, 2019.

If the date sounds familiar it’s because that’s when 22 local governments had their systems locked in a REvil ransomware attack that leveraged flaws in software from an MSP.

While the hackers asked for a collective ransom of $2.5 million, one of the largest at the time, they got nothing as a coordinated state and federal response recovered the systems.

As part of the strategy to counter the ransomware threat, the U.S. Department of Treasury today announced sanctions against both Polyanin and Vasinskyi, blocking all property and interests in their property falling under the U.S. jurisdiction.

“Additionally, any entities 50 percent or more owned by one or more designated persons are also blocked. In addition, financial institutions and other persons that engage in certain transactions or activities with the sanctioned entities and individuals may expose themselves to sanctions or be subject to an enforcement action” – U.S. Treasury

The charges against Polyanin are the same as for Vasinskyi:

  • conspiracy to commit fraud and related activity in connection with computers (one count for each defendant)
  • intentional damage to a protected computer (nine counts for Vasinskyi, 12 for Polyanin)
  • conspiracy to commit money laundering (one count for each defendant)

In about five months, the DoJ’s efforts have resulted in arresting seven affiliates of the REvil ransomware operation.

On November 4, authorities in Romania arrested two alleged REvil ransomware partners. A GandCrab affiliate was arrested on the same day in Kuwait. The other three individuals were apprehended in February, April, and October.

“The arrest of Yaroslav Vasinskyi, the charges against Yevgeniy Polyanin and seizure of $6.1 million of his assets, and the arrests of two other Sodinokibi/REvil actors in Romania are the culmination of close collaboration with our international, U.S. government and especially our private sector partners,” – FBI Director Christopher Wray

Apprehending these REvil affiliates was possible through coordinated efforts from investigators and prosecutors from several jurisdictions:

– Romania’s National Police and the Directorate for Investigating Organised Crime and Terrorism

– Canada’s Royal Canadian Mounted Police

– France’s Court of Paris and BL2C (anti-cybercrime unit police)

– Dutch National Police

– Poland’s National Prosecutor’s Office, Border Guard, Internal Security Agency, and Ministry of Justice

– the governments of Norway and Australia

Update [November 8, 14:50 EST]: Added more information from Polyanin’s indictment and the DoJ press release.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us