Following the Massachusetts Steamship Authority and JBS ransomware attacks, Check Point Research (CPR) shares its notes on the Russian-speaking ransomware group REvil, suspected to be behind some of the latest ransomware attacks. CPR also shares its latest snapshot of ransomware trends across the globe and in the United Arab Emirates.

  • REvil is known for its use of the double-extortion technique and partnership with affiliates 
  • CPR shares REvil’s “working rules” found on an underground Russian forum, including how working in CIS (and Ukraine) is forbidden 
  • 102% global increase in organizations impacted by ransomware this year, compared to the beginning of 2020
  • 52% increase in cyber attacks year-over-year in the United Arab Emirates 

REvil is one of the most prominent ransomware families on the planet. Operated by the Russian-speaking REvil group, the ransomware family is responsible for dozens of major breaches since 2019. One of the key factors driving REvil’s success is its use of Double Extortion, a technique in which threat actors steal data from organizations in addition to encrypting files. This means that, as well as demanding a ransom to decrypt data, attackers can later threaten to leak the stolen information if an additional payment is not made.

REvil is also known for its collaboration with affiliate hackers: it joins forces with advanced attackers who are responsible for breaching new targets, exfiltrating data, and encrypting networks. In turn, the REvil group provides affiliates with the ransomware itself, the leak site and everything money related, from negotiation to payment.

On a wider scale, the REvil ransomware group announced in February 2021 that they added two stages to their Double Extortion scheme: DDoS attacks and phone calls to the victim’s business partners and media. The group now offers DDoS attacks and voice-scrambled VOIP calls to journalists and colleagues as a free service for its affiliates, which is designed to apply further pressure on the victim company to meet ransom demands within the designated timeframe.

In April 2021, REvil demonstrated the use of what we call a Triple Extortion technique. Here, the gang successfully breached Quanta Computer, a prominent Taiwan-based notebook original design manufacturer (ODM) and a major business partner of Apple. Following the ransomware attack, a payment of some $50 million was demanded from the manufacturer, along with a warning that the sum would be doubled unless it was paid on time. Since the company refused to communicate with the threat actors, they went on to extort Apple directly, demanding that Apple buy back blueprints of its products found on Quanta Computer’s network. Approximately a week later, REvil peculiarly removed Apple’s drawings from its official data leak website.

Closing note: Following DarkSide’s ransomware attack on Colonial Pipeline and the subsequent international law-enforcement pressure, major underground Russian communities banned the future promotion of ransomware affiliate projects such as REvil. We are still waiting to see how this will unfold and affect ransomware operations such as REvil in the future.

Ransomware Impacts 1,000 Organizations each week

Since the beginning of April, CPR has seen an average of over 1,000 organizations impacted by ransomware every week. This follows significant increases in the number of impacted organizations so far in 2021 (21% in Q1 and 7% in Q2), netting a staggering 102% overall increase in organizations impacted by ransomware compared to the beginning of 2020.

General Cyber Attack Trends in the United Arab Emirates 

  • Over the last 6 months, an organization in the United Arab Emirates has been attacked an average of 289 times per week.
  • Compared with May 2020, the number of cyberattacks in the UAE has increased by 52%.
  • The most common vulnerability exploit type in the United Arab Emirates is Remote Code Execution, impacting 62% of organizations.

Quote: Ram Narayanan, Country Manager, Check Point Software Technologies, Middle East

“Right now we are clearly in the middle of a ‘ransomware pandemic’. By now, we’ve seen attack after attack dominate headlines, from the Colonial Pipeline, to JBS, to now the Massachusetts Steamship Authority. Hackers have gone after everything and exploited every industry from oil to food and utilities. I’m afraid that it’s only going to get worse, as ransomware is big business, and word is quickly getting out that it pays well. The more organizations pay these ransoms, the more they fund a hacker’s R&D efforts to launch more sophisticated attacks. The technique of triple extortion, where hackers threaten not only their targets, but their target’s customers and partners, is a good example of this. It’s safe to say that ransomware is now one of the largest national security threats we face.”

© Press Release 2021