Ransomware franchise is known for high-pressure tactics designed to pressure victims.
The cyberattack that halted some operations at the world’s biggest meat processor this week was the work of REvil, a ransomware franchise that’s known for its ever-escalating series of cut-throat tactics designed to extort the highest price.
REvil and its affiliates account for about four percent of attacks on the public and private sectors. In most respects, REvil is a fairly average ransomware enterprise. What sets it apart is the cruelty of its tactics, which are designed to exert maximum pressure on victims, lest they be hesitant to pay premium prices.
In one case, the REvil dark web site posted a screenshot purporting to show that porn was present in a temporary files folder of a computer belonging to the IT director of a large company that had recently fallen victim to the group.
“While he was jerking his cock, we downloaded several hundred gigabytes of private information about the company’s customers," said the post. "God bless his hairy palms. Amen!”
REvil is also the group that hacked Grubman, Shire, Meiselas & Sacks, the celebrity law firm that represented Lady Gaga, Madonna, U2, and other top-flight entertainers. When REvil demanded $21 million in return for not publishing the data, the law firm reportedly offered $365,000. REvil responded by upping its demand to $42 million and later publishing a 2.4GB archive containing Lady Gaga legal documents.
Last year, REvil started auctioning off the confidential information of victims who refuse to pay. In March, the group announced a new service that contacts the media and victims’ partners to inform them of a breach. REvil can also threaten victims with DDoS attacks.
REvil first appeared in April 2019 and quickly developed a reputation for technical prowess when it used legitimate CPU functions to bypass security systems. In April of this year, Kaspersky ranked REvil as the number three top ransomware group.
Supply chains under threat
In April, REvil stole data from manufacturer Quanta Computer and then demanded $50 million from Apple in exchange for not publishing technical data it had obtained for unreleased Apple products. The group went on to publish schematics for two Apple products on the day they were announced. The data has since been removed, for reasons unknown.
This week’s incident came three weeks after ransomware closed down the Colonial Pipeline, an event that caused shortages of gasoline and jet fuel up and down the east coast of the US.
Production began to resume at US-based JBS beef plants on Wednesday, though thousands of JBS workers in the US, Canada, and Australia had shifts adjusted or canceled earlier this week.
Such ransomware attacks continue to expose the fragility of the country’s supply chains as leaders in the private and public sectors struggle, largely in vain, to contain the threat.
Attack on meat supplier came from REvil, ransomware’s most cut-throat gang