REvil ransomware group strikes again with attack on hundreds of companies right before long holiday weekend

Obreid

Power Poster
Not much detail in this article, probably cc of msm. Anyone heard of any significant companies hit?

Ransomware attacks are starting to feel like plane hijackings from the seventies.
They're almost the perfect terrorist attack. Deniability is high, perfect for a nation state to use.
 

DarkNoon

Power Poster
  • New ransomware attack by REvil targets IT vendor Kaseya - | CNN |
    • US cyber officials are tracking a major new ransomware attack by the same group that hit meat supplier JBS Foods this spring.
    • The cybercriminal gang, which is believed to operate out of Eastern Europe or Russia, targeted a key software vendor known as Kaseya, whose products are widely used by IT management companies, cybersecurity experts said.

  • Major ransomware attack against U.S. tech provider forces Swedish store closures - | Reuters |
    • One of the largest ransomware attacks in history spread worldwide on Saturday, forcing the Swedish Coop grocery store chain to close all 800 of its stores because it could not operate its cash registers. The shutdown of the major food retailer followed Friday’s unusually sophisticated attack on U.S. tech provider Kaseya.
    • The ransomware gang known as REvil is suspected of hijacking Kaseya’s desktop management tool VSA and pushing a malicious update that infected tech management providers serving thousands of businesses.

  • Ransomware attack on software manager hits 200 companies - | NBC |
    • A successful ransomware attack on a single company has spread to at least 200 organizations and likely far more, according to cybersecurity firm Huntress Labs, making it one of the single largest criminal ransomware sprees in history.
    • The attack, first revealed Friday afternoon, is believed to be affiliated with the prolific ransomware gang REvil and perpetuated through Kaseya, an international company that remotely controls programs for companies that, in turn, manage internet services for businesses.

  • Massive Ransomware Attack May Impact Thousands of Victims - | The Washington Post |
    • Just weeks after President Joe Biden implored Vladimir Putin to curb cyber crime, a notorious, Russia-linked ransomware gang has been accused of pulling off an audacious attack on the global software supply chain.
    • REvil, the group blamed for the May 30 ransomware attack of meatpacking giant JBS SA, is believed to be behind hacks on at least 20 managed-service providers, which provide IT services to small- and medium-sized businesses. More than 1,000 businesses have already been impacted, a figure that’s expected to grow, according to the cybersecurity firm Huntress Labs Inc.

  • Latest ransomware attack appears to hit hundreds of American businesses - | The Guardian |
    • Hundreds of American businesses have been hit by a ransomware attack ahead of the Fourth of July holiday weekend, according to the cybersecurity company Huntress Labs.
    • Huntress Labs said on Friday that 200 American businesses were hit after an incident at the Miami-based IT firm Kaseya, potentially marking the latest in a line of hacks destabilizing US companies.
 

RiffRaff

Deputy Director
Staff member
Remember, ransomware attacks are not technically "terrorism" or geopolitical in nature. They are high-tech hostage situations involving data instead of people and extorting money in exchange for the release of the hostages. They are bank robberies occurring in cyberspace. The end goal is money - nothing more, nothing less.

Now, the fact that the Russian government is turning a blind eye to these criminals' activities factors in a little bit of responsibility on their part; but these attacks are not actually authorized or sanctioned by the Russian government.
 

DarkNoon

Power Poster
Biden made a statement today saying "if Russia is behind this, there will be consequences." He went on to say he already warned Putin of consequences two weeks ago if there were any further attacks originating from Russia.

He says that in this video:

I can't imagine it's anything serious Biden can or will do. But I'd prefer the US carry out counter cyber attacks for each one they have done to us with a little extra kick or flare.

Something that would be right at the line but not crossing the threshold for real conflict for counter cyber attacks.
 

DarkNoon

Power Poster
turning a blind eye to these criminals' activities factors in a little bit of responsibility on their part; but these attacks are not actually authorized or sanctioned by the Russian government.
Regardless, they are equally responsible whether authorized by the Kremlin or not. The US prosecutes and imprisons cyber terrorist groups that cause disruption to the global market and then some.

The Russians given they have no rights or freedoms should be very easy for them to find and imprison cyber criminals in their house or back yard so to speak.

The US has every right to respond or deal consequences to the Russian Federation if they have known about the problem for some time and have done nothing about it.
 

DarkNoon

Power Poster
In an allegory, if the US knew that terrorist actors were building and implementing plots to disrupt Russia or other markets, governments, or militaries in the US, the US would quickly move to squash and arrest such people/groups.

But when it happens in Russia's backyard they almost seem to encourage it. So they're JUST AS GUILTY even if the Kremlin isn't giving the orders directly.

So yes the US has every right to lash out a response and the Russians can't and won't have much credibility to denounce such responses from the US.
 

RiffRaff

Deputy Director
Staff member
Regardless, they are equally responsible whether authorized by the Kremlin or not. The US prosecutes and imprisons cyber terrorist groups that cause disruption to the global market and then some.

The Russians given they have no rights or freedoms should be very easy for them to find and imprison cyber criminals in their house or back yard so to speak.

The US has every right to respond or deal consequences to the Russian Federation if they have known about the problem for some time and have done nothing about it.
21st century Russia is not the Soviet Union. Russians have many more freedoms and rights now, including the ability to leave the country anytime they wish.

I will agree that the US has the right to respond to these attacks if Russia is aware of them and does nothing to stop them; but it should not be a military response.
 

DarkNoon

Power Poster
21st century Russia is not the Soviet Union. Russians have many more freedoms and rights now, including the ability to leave the country anytime they wish.
You are right. The Russians enjoy more freedoms than they did not even 30 years ago. But their civil liberties, privacy, freedoms, and speech are still almost nonexistent.

On the surface they are free to roam about and live their lives to a degree until it doesn't fit the Kremlin's objectives. But that is as far as it goes on the surface of things.
 

DarkNoon

Power Poster
I will agree that the US has the right to respond to these attacks if Russia is aware of them and does nothing to stop them; but it should not be a military response.
Correct. It should be a tit for tat but with the US taking it just a step further without crossing the military threshold line.
 

DarkNoon

Power Poster
But their civil liberties, privacy, freedoms, and speech are still almost nonexistent.
Which those things slow down justice in the West is my point, Russia could more easily and quickly find and arrest these cyber groups in their backyard since they don't technically have any civil rights. Whatever the Kremlin wants, it gets, and be damned anyone in the way including/especially their own people.
 

Obreid

Power Poster
Very good job of illustrating the concept of plausible deniability.

Did an independent citizen of country A enter nation B to commit theft, subterfuge, or espionage for personal gain?
or
Was a citizen of nation A commissioned or aided and encouraged to enter nation B to commit theft or espionage for the state?
This is the whole premise of plausible deniability.
Where is the ability to know the difference?
Do we wait to make that determination till we can track the digital footprint back to the very source with little doubt?
Can we afford to wait on that determination?
Or at some point does a nation have to make the inferred conclusion based on pattern and frequency that a nation state is encouraging or facilitating it?

The world for decades debated whether terrorist acts were isolated groups acting independently or, as most have now come to recognize, acting as proxies for other nations.

It is incorrect to dismiss ransomware attacks as purely theft by criminal organizations. While in many instances they can and will be just that, the damage they can inflict is not just financial.
They can undermine trust and reliability of infrastructure, financial systems, delivery of critical goods and services. Those all had strategic importance.

So it’s wrong to sit back and assume they're just matters of extortion. The facade of extortion can mask the true purpose of an attack.
Again I’m not saying these are nation state sponsored but it should not be ruled out and the blame not necessarily laid at the feet of Russia.

In many respects we have to answer these questions in a world without borders
 

Saguenay

Member
Perhaps several Americans suffer from paranoia which is called red fear (Russia | China), several of your fellow citizens often blame these 2 countries for all your problems.

Are you afraid?
 

Obreid

Power Poster
Perhaps several Americans suffer from paranoia which is called red fear (Russia | China), several of your fellow citizens often blame these 2 countries for all your problems.

Are you afraid?
Afraid no, concern yes
I don’t particularly attribute these attacks to any nation in particular. I am not in the need to know loops so I won’t rush to blame Russia, China or any particular country.
Only that it’s a possibility that cannot be dismissed that they were state sponsored.
Denying that this is a possibility is either naive or throwing shade for another.

Doesn’t mean we can know yet but it should be explored
I mean, which is more paranoid, a state could pull this off or a criminal organization? Both are bad and potentially dangerous.

If “Anonymous” was actually who they billed themselves to be, a group of hackers and whatever acting independently from a state, the thought that an independent agency could potentially collapse a nation's infrastructure or financial system is actually scarier than a nation state.
A nation state has something tangible and visible to lose. An anarchist group or environment extremist likely don’t see that they have anything to lose.
 

DarkNoon

Power Poster
Only that it’s a possibility that cannot be dismissed that they were state sponsored.
Well we will never know. Even so if we are to find out Russia isn't aiding these groups, Russia is just as responsible for not taking any action since it's happening in their backyard.
 

Travis The Dragon

Well-known member
Biden made a statement today saying "if Russia is behind this, there will be consequences." He went on to say he already warned Putin of consequences two weeks ago if there were any further attacks originating from Russia.

He says that in this video:

I can't imagine it's anything serious Biden can or will do. But I'd prefer the US carry out counter cyber attacks for each one they have done to us with a little extra kick or flare.

Something that would be right at the line but not crossing the threshold for real conflict for counter cyber attacks.
That's if the attackers didn't use something to hide their IP address such as TOR or a VPN. And I would imagine they would do that if they're smart.
 

DarkNoon

Power Poster
That's if the attackers didn't use something to hide their IP address such as TOR or a VPN. And I would imagine they would do that if they're smart.
There is a way to find the origins of an attack even if they mask themselves digitally, trust me.

Just like we can tell whose nuke is whose or used in nuclear terrorism due to its radioactive footprint as uranium/plutonium are unique for each country.

With technology nowadays it's virtually impossible to hide anything.
 

Obreid

Power Poster
I’m not so sure VPNs are as safe as advertised. I think they will protect against a run of the mill hacker. But a competent and resourced person could even track them back to source.