Last Friday, during a phone conversation that lasted about an hour, US President Joe Biden called on Vladimir Putin to “take action” against “ransomware” cyberattacks carried out from Russia. During the conversation, the American head of state was emphatic: he warned his counterpart that the White House would take “any action necessary” against those activities.
Days earlier, Biden met with his national security team to analyze potential responses to cyberattacks against North American companies. The most recent was the one carried out against the company Kaseya, which serves more than 40,000 organizations around the world.
Experts and local authorities noted that the REvil group, whose name is an acronym for “evil ransomware”, is of Russian origin. It has demanded a ransom of $70 million to allow the affected companies to resume operations.
The New York Times reported this Tuesday that the hacker group had mysteriously disappeared: the criminal organization’s websites are no longer on the dark web. Among them was the “Happy Blog”, which was publicly available and contained a list of the group’s victims, along with dedicated sites where victims negotiated with REvil to unlock their data.
REvil members posted on their blog that the malicious update had infected more than 1 million devices. They also said that they were willing to offer a universal decryptor to the victims of the attack, but in exchange for a payment of $70 million in bitcoin.
Faced with this situation, the New York newspaper raised three theories behind the strange disappearance of the Russian hacker group.
The first refers to a possible order from Biden to US Cyber Command, in cooperation with various federal agencies such as the FBI, to neutralize the operations of the criminal organization. The New York Times notes that Cyber Command showed last year that it had this ability, after paralyzing a ransomware operation that it feared would freeze voter records or other election data in the 2020 presidential election.
Last week, Jen Psaki, a White House spokeswoman, stated that REvil is “working from Russia with subsidiaries around the world”. She stressed that the United States was “clear” in its conversations with the Russian government, accusing it of not responding forcefully to cyberattacks against US companies: “If the Russian government is unable or unwilling to take action against criminal actors residing in Russia, we will do so, or at least we reserve the right to take action on our own.”
The second theory is that it was Putin who gave the order to the group to abandon its activities, after explicit warnings from Biden, who also addressed US concerns about Russian cyberattacks during the two leaders’ summit on June 16 in Geneva.
Another option the authorities are assessing is that REvil, given the growing tension between Washington and Moscow, withdrew to avoid getting caught in the crossfire between the two presidents. This is what another Russia-based hacker group, DarkSide, did after a ransomware attack on the pipeline operator Colonial Pipeline.
However, several specialists have warned that it may be an evasive maneuver, and that the DarkSide hackers are operating under another name. If so, they warned, the same thing could happen with REvil.
The cyberattack followed others suffered in recent months in the United States by companies such as Colonial, the country’s largest oil pipeline network, and JBS, the largest meat processing company in the world, which were victims of similar operations by hackers. Given the large number of companies potentially affected, the attack could be one of the largest in history.
Instead of a precise and targeted attack on one large company, this hack appears to have used managed service providers to spread randomly through a huge network of small businesses. Unlike most ransomware attacks, REvil does not appear to have attempted to steal sensitive data before locking out its victims, Fabian Wosar, CTO of Emsisoft, a company that provides software and advice to help organizations defend against ransomware attacks, told The Washington Post.
This week, US and British agencies revealed details of brute-force methods which they reported were used by Russian intelligence to try to hack into the cloud services of hundreds of government agencies, energy companies, and other organizations.
An advisory published by the US National Security Agency described attacks carried out by agents linked to the GRU, Russia’s military intelligence agency, which has previously been linked to major cyberattacks abroad and efforts to disrupt the 2016 and 2020 US elections.
Rob Joyce, the Director of Cyber Security at the National Security Agency, said in a statement that the campaign “may have been ongoing, on a global scale.”
Brute-force attacks consist of automated attempts to log in to websites using lists of potential passwords until one works and the hackers gain access. The advisory urges companies to adopt methods that experts consider common sense when it comes to security, such as using two-factor authentication and requiring strong passwords.