💰💣

REvil Group Security Incident

2021 1725 days ago Resolved

Incident Overview

Situation Description

The REvil Group, a notorious ransomware-as-a-service attack group, was responsible for numerous ransomware attacks on organizations worldwide, including major companies like Invenergy, Acer, Kaseya, JBS, and Quanta Computer Inc.

Event Types

Ransomware Malware / Destructive Attack

Industry Sector

Manufacturing

Geographic Scope

Global

Response Actions

Paid a Ransom Restored Systems from Secure Backups

Impact Analysis

Event Types (2 identified)

Ransomware Malware / Destructive Attack

Financial Impact

$11,000,000 USD

Records Affected

Data Types Compromised

PII (Personally Identifiable Information) Intellectual Property Operational / System Data

Primary Impacts

Financial Loss Data Exposure Operational Disruption

Key Decisions Made

REvil ransomware scams were responsible for 25% of ransomware attacks from January 2021 to July 2021.; Invenergy suffered REvil ransomware attacks in June 2021, with the group exfiltrating four terabytes of data.; JBS paid the cybercriminal group a ransom of $11 million in Bitcoin to prevent any potential risk for its customers.

Technical Analysis

Attack Method

Unknown

Threat Actor Attribution

REvil Group Sodinokibi

Vulnerability / Tool

CVE-2021-30116

Additional Information

Log in Username or Email Address Password Remember Me Forgot password? Search the site... Search for All categories Cybersecurity Awareness Cyber Attacks Social Engineering Miscellaneous Reset 5 minutes reading Ransomware REvil Group: Notorious Ransomware Kumar Shantanu August 26, 2022 9913 0 REvil Group (Ransomware Evil), also known as Sodinokibi, is an infamous private ransomware-as-a-service attack group (RaaS) held responsible for several vicious ransomware attacks on organizations worldwide. According to an article by Dark Reading, REvil ransomware scams were the most common ransomware variant responsible for 25% of ransomware attacks from January 2021 to July 2021 . Table of Contents Toggle Subscribe to Our Newsletter On Linkedin Sign up to Stay Tuned with the Latest Cyber Security News and Updates Subscribe Who is REvil Group? REvils name stands for Ransomware Evil and is enlightened by the Resident Evil movie series. Previously, security researchers dubbed the organizations malware family REvil or Sodinokibi. The REvil group is a hacking organization based in Russia. The REvil first showed up in April 2019 and became well-known after GandCrab, another RaaS gang that shut down its service. Investigators and security firms initially identified REvil as a strain of GandCrab or established various connections between the two. In a recent interview, an accused member of the REvil confirmed that the ransomware was not a new creation. It was built on top of an old codebase that the group acquired. How REvil Group Works? REvil group is one of the ransomware programs used in human-operated ransomware campaigns. Following a successful break-in, hackers perform lateral movement. It obtains domain administrator privileges and deploys ransomware across a network to maximize the impact. REvil differs from other ransomware attacks in that it encrypts files using Elliptic-curve Diffie-Hellman key exchange rather than RSA and Salsa20 rather than AES. The cryptographic...

... (truncated for display)

Quick Facts

Company:: REvil Group
Date:: 2021
Status:: Resolved
Decision Maker:: Andre Nogueira
Position:: CEO of JBS USA
Published:: 26/08/2022

Source Information

Original Query

JBS Foods ransomware payment confirmation and communication strategy with REvil

View Original Source

Timeline

Information Published

26/08/2022

Incident Occurred

2021 (1725 days ago)

Status: Resolved

Estimated resolution based on age

Actions

View Company Profile

Navigation

Quick Stats