Friday, July 30, 2021

Russia’s most aggressive ransomware group disappeared. It’s unclear who disabled them.


The second theory is that Mr. Putin ordered the group’s sites taken down. If so, that would be a gesture toward heeding Mr. Biden’s warning, which he had also conveyed, in more general terms, when the two leaders met on June 16 in Geneva. And it would come just a day or two before a U.S.-Russia working group on the issue, set up during the Geneva meeting, is supposed to hold a virtual meeting.

A third theory is that REvil decided that the heat was too intense, and took the sites down itself to avoid being caught in the crossfire between the American and Russian presidents. That is what another Russia-based group, DarkSide, did after the ransomware attack on Colonial Pipeline, the U.S. company that in May had to shut down the pipeline that supplies gasoline and jet fuel to much of the East Coast after its computer network was breached.

But many experts think that DarkSide’s going-out-of-business move was nothing but digital theater, and that all of the group’s key ransomware talent will reassemble under a different name. If so, the same could happen with REvil, which Recorded Future, a Massachusetts cybersecurity firm, estimates has been responsible for roughly a quarter of all the sophisticated ransomware attacks on Western targets.

Allan Liska, a senior intelligence analyst at Recorded Future, said that if REvil has disappeared, he doubted it was voluntary. “If anything, these guys are braggadocios,” Mr. Liska said. “And we didn’t see any notes, any bragging. It sure feels like they abandoned everything under pressure.”

There were suggestions that the pressure may have come from Russia. The commander of United States Cyber Command and director of the National Security Agency, Gen. Paul M. Nakasone, was not expected to get the full options for U.S. action against ransomware actors until later this week, several officials said. And there was no evidence that REvil’s sites had been “seized” by a court order, which the Justice Department frequently posts.

Cyber Command declined to comment.

While shutting REvil down for now would give Mr. Putin and Mr. Biden a chance to show they were confronting the problem, it could also give the ransomware actors an opportunity to walk away with their winnings. The big losers would be the companies and towns that never receive their decryption keys and are locked out of their data, perhaps forever. (Often when ransomware groups disband, they publish their decryption keys. That did not happen on Tuesday.)

Mr. Biden is expected to roll out a ransomware strategy in coming weeks, making the case that Colonial Pipeline and other recent attacks show how crippling critical infrastructure constitutes a major national security threat.
