Cybersecurity experts report that a purported member of REvil, one of the world's most dangerous ransomware groups, disclosed multiple details about the group's activities. According to this report, the hackers prefer to attack companies that are insured against cybersecurity incidents; the member also claims that REvil avoids political conflict but has access to major nuclear facilities and even missile launch systems.
This alleged hacker, self-identified as "Unknown" on various dark web forums, was interviewed by Dmitry Smilyanets of the security firm Recorded Future. As you may remember, the operators of REvil (also known as Sodinokibi) base their attacks on spam, exploits, and flaws in remote desktop services and managed service providers.
During the interview, the hacker said that ransomware has always been a very lucrative criminal practice, from its inception and well before it reached its current level of sophistication. In addition, Unknown states that profits have increased since the advent of cyberattack insurance: "Sometimes we first attack insurance companies to find out which companies have cyberattack insurance; after reviewing this information, the real attacks begin."
On the other hand, the cybercriminal confirmed that the coronavirus pandemic affected REvil's operations to some extent, so in many cases the group negotiated ransoms for smaller amounts than expected. This did not apply to affected pharmaceutical companies, many of which have seen their revenues increase because of the health crisis: "It is worth paying attention to these companies, they are making good profit margins," adds Unknown.
On the possibility that this ransomware variant could be used as a cyberwarfare resource, Unknown states that the malware's infrastructure could be very useful in a potential cyberwarfare scenario, although he believes this would be counterproductive for all actors involved.
Finally, the hacker issued a controversial recommendation to negotiators working for affected companies: "Avoid submitting bids that are too low; when this happens we assume that we will not make a profit and the stage of selling stolen information begins," says the cybercriminal.
The statements made in this interview confirm some of the cybersecurity community's theories, such as the fact that REvil tries not to get involved in politics and not to target public and private organizations in very poor countries.