Ransomware has become a problem in its own right. Just ask the Taiwanese company Acer, one of the latest companies affected by the REvil ransomware, which has been given until March 28 to pay a ransom of 50 million dollars.

The REvil ransomware, also known as Sodinokibi, operates as Ransomware-as-a-Service (RaaS), meaning that an affiliate program gives other criminals access to the threat so they can distribute it independently and share the profits. The group has been active since April 2019 and targets both large and small companies, adapting the ransom demanded to the characteristics of the victim.

The attack vectors it has most commonly used are RDP brute force, spearphishing emails, exploitation of vulnerabilities, and exploit kits such as Trickbot. Giving in to this blackmail can pose a great risk, mainly because, as we always say, there is no guarantee that the attacker will decrypt the information. In addition, cybercriminals who carry out these types of attacks tend to take great care of their anonymity and require payment in cryptocurrencies, which are very difficult to trace and even more difficult to recover.

According to security experts, a post by the ‘REvil Ransomware’ representative, UNKN, was published on a Russian hacking forum announcing that the data stolen by the malware would be sold to competitors, or even made public, if the payment is declined, taking the recent case of CyrusOne as an example.

Measures must always be taken against these threats since, as we well know, no one is safe from being infected by malware of this type. However, a trend is emerging in which attackers prefer larger targets, such as financial institutions or large companies.
