Hackers behind Data Breaches at Acer and Apple in turn hacked by the FBI
Table of Contents
- By David Lukic
- Published: Nov 04, 2021
- Last Updated: Mar 18, 2022
REvil, the hacking gang responsible for a variety of ransomware attacks is offline. According to Reuters, the US government has successfully hacked the gang's dark web websites. The FBI collaborated with the Secret Service, Cyber Command, and foreign organizations in a multi-country operation to bring the group's operations to a halt.
What Cyber Attacks are REvil Responsible for?
Due to the high-profile nature of the attacks associated with it, REvil has received a lot of attention. It has been blamed for assaults on top meat processor JBS, IT management software provider Kaseya, foreign exchange company Travelex, consumer electronics manufacturer Acer, and an attack on an Apple supplier that exposed designs for the 2021 MacBooks prior to their official release.
The Financial Crimes Enforcement Network of the US Treasury listed the gang as one of the largest ransomware outfits in terms of reported payouts. JBS for instance, paid an $11million ransom after a cyber-attack shut down operations in the US, Australia, and Canada. Travelex paid $2.3 million, Acer was asked to pay $50 million but negotiated to $10million.
It was after the organization attacked US software management business Kaseya in July that the US government efforts to stop.
How Did the FBI Hack Revil?
TechCrunch reported shortly after the Kaseya breach that REvil’s website was down but no one took responsibility for the hack. Reuters later revealed the active operations against the ransomware hackers and that they forced the dark web blog offline. When a member of the gang restored those websites from a backup, they unintentionally restarted some internal systems that were already under law enforcement's control.
The breach had granted access to hundreds of Kaseya customers at the same time, resulting in a large number of emergency cyber incident response calls. This was instrumental in the FBI’s hack operation against REvil. Following the Kaseya attack, the FBI obtained a universal decryption key, allowing those affected to recover their files without having to pay a ransom.
According to the Washington Post,
“law enforcement officials withheld the key for weeks while quietly pursuing REvil's staff, allowing intelligence cyber specialists to hack REvil's computer network infrastructure and gain control of at least some of their servers.”
Oleg Skulkin, deputy head of the forensics lab at the Russian-led security company Group-IB, gave a statement saying,
“The REvil ransomware gang restored the infrastructure from the backups under the assumption that they had not been compromised, ironically, the gang’s own favorite tactic of compromising the backups was turned against them.”
Who Does Ransomware Affect?
Ransomware attacks target corporations as well as individuals, resulting in a variety of undesirable outcomes. This includes loss of sensitive or private information, whether temporary or permanent. It’s also possible to damage the organization’s reputation as well as suffer financial losses when trying to restore systems and files.
A few stats from Varonis, a U.S. software company
- Malicious emails are up 600% due to COVID-19. (ABC News, 2021)
- 37% of respondents’ organizations were affected by ransomware attacks in the last year. (Sophos, 2021)
- In 2021, the largest ransomware payout was made by an insurance company at $40 million, setting a world record. (Business Insider, 2021)
- The average ransom fee requested has increased from $5,000 in 2018 to around $200,000 in 2020. (National Security Institute, 2021)
- The average downtime a company experiences after a ransomware attack is 21 days. (Coveware, 2021)
- The most common tactics hackers use to carry out ransomware attacks are email phishing campaigns, RDP vulnerabilities, and software vulnerabilities. (Cybersecurity & Infrastructure Security Agency, 2021)
- From a survey conducted with 1,263 companies, 80% of victims who submitted a ransom payment experienced another attack soon after, and 46% got access to their data but most of it was corrupted. (Cybereason, 2021)
- Additionally, 60% of survey respondents experienced revenue loss and 53% stated their brands were damaged as a result. (Cybereason, 2021)
- Ransomware attacks were responsible for almost 50% of all healthcare data breaches in 2020. (Health and Human Services, 2021)
- Ransomware attacks against U.S. healthcare providers have caused over $157 million in losses since 2016. (HIPAA Journal, 2020)
- Over 204,000 people experienced a login attempt to access their banking information. (Hub Security, 2021)
- In 2020, 70% of the 52% of attacks that went after financial institutions came from the Kryptik Trojan malware. (Hub Security, 2021)
According to Search Security, ransomware attacks are on the rise and continue to be a disruptive force in the cybersecurity industry and due to the rise in remote work prompted by the pandemic, attacks are up 148%.