Governments turn the tables on ransomware gang REvil by pushing it offline

October 21 (Reuters) – The ransomware gang REvil was itself hacked and forced offline this week in a multi-country operation, according to three private-sector cyber experts working with the United States and one former official.

Former partners and associates of the Russian-led criminal gang were responsible for a cyber-attack in May on the US East Coast. REvil’s direct victims include JBS (JBSS3.SA). The gang’s “Happy Blog” website, which was used to leak victims’ data and extort companies, is no longer available.

Officials say the Colonial Pipeline attack used DarkSide encryption software developed by REvil associates.

VMware (VMW.N) head of cyber security strategy Tom Kellermann said law enforcement and intelligence personnel had stopped the group from victimising more companies.

“The FBI, in conjunction with Cyber Command, the Secret Service and like-minded countries, has engaged in significant disruptive action against these groups,” said Kellermann, who advises the US Secret Service on cybercrime investigations.

One of the group’s leaders, known as “0_neday”, who helped REvil resume operations after an earlier disruption, said its servers had been hijacked by an unnamed party.

“The server was compromised, and they were looking for me,” 0_neday wrote on a cybercrime forum last weekend, in a post first spotted by security firm Recorded Future. “Good luck to you all. I’m out.”

US government efforts to stop REvil, one of the world’s most notorious ransomware gangs, which work with hackers to break into and cripple companies around the world, accelerated after the group breached Kaseya in July.

That breach gave access to hundreds of Kaseya’s customers at once, leading to numerous emergency cyber incident-response calls.

Key to extinction

Following the attack on Kaseya, the FBI obtained a universal decryption key that allowed victims infected through Kaseya to recover their files without paying a ransom.

But the FBI later acknowledged that law enforcement had withheld the key for the first few weeks while it quietly pursued REvil’s staff.

According to three people familiar with the matter, law enforcement and intelligence cyber specialists were able to hack into REvil’s computer network infrastructure and take control of at least some of its servers.

The group’s spokesman, who identified himself as “Unknown”, vanished from the internet in July after the websites the gang used to conduct business went offline.

When gang member 0_neday and others restored those websites from a backup last month, he unknowingly restarted some internal systems that were already under law-enforcement control.

“The REvil ransomware gang restored the infrastructure from its backups, assuming it had not been compromised,” said Oleg Skulkin, vice president of the forensics laboratory at Russian-based security firm Group-IB. “Ironically, the gang’s own favourite tactic of compromising backups was turned against it.”

Reliable backups are one of the most important defences against ransomware attacks, but they must be kept disconnected from the main network or they too can be encrypted by extortionists such as REvil.

A White House National Security Council spokesperson declined to comment specifically on the operation.

“Broadly speaking, we are working to disrupt ransomware infrastructure and actors, working with the private sector to modernise defences, and building international partnerships to hold accountable countries that harbour ransomware actors,” the spokesperson said.

The FBI declined to comment.

A person familiar with the matter said a foreign partner of the US government carried out the hacking of REvil’s computer architecture. A former US official, speaking on condition of anonymity, said the operation was still under way.

The success stems from US Deputy Attorney General Lisa Monaco’s decision to treat ransomware attacks on critical infrastructure as a national security issue on a par with terrorism.

In June, Assistant Attorney General John Carlin told Reuters the Department of Justice was elevating the priority of ransomware investigations.

Such measures provide a legal basis for the Department of Justice and other agencies to seek assistance from US intelligence agencies and the Department of Defense, Kellermann said.

“Before, you couldn’t hack into these forums, and the military didn’t want anything to do with it. Since then, the gloves have come off.”

Reporting by Joseph Menn and Christopher Bing; Editing by Chris Sanders and Grant McCool
