Notorious Ransomware Attacks by REvil in 2021
REvil (Ransomware Evil), also known as Sodinokibi, is an infamous private ransomware-as-a-service (RaaS) group held responsible for several vicious ransomware attacks on organizations worldwide. According to an article by Dark Reading, REvil was the most common ransomware variant responsible for 25% of ransomware attacks from January 2021 to July 2021.
This Russian-speaking cyber criminal group issues the threat of publishing the stolen information on its page, Happy Blog, if targeted organizations do not pay the ransom after falling victim to launched cyber attacks. Here is a list of some of the most notorious ransomware attacks by REvil in 2021:
#1 Renewable Energy Company Invenergy
The Chicago-based clean energy company suffered a ransomware attack by REvil in June 2021. The multinational company launched an investigation as soon as unauthorized activity was detected on its systems.
On its dark website, REvil declared that it had successfully carried out a cyber attack on Invenergy and compromised its computer systems, exfiltrating four terabytes of data. The stolen data allegedly included project data and contracts.
What’s even more curious about this attack is that REvil further claimed to have obtained some very personal information about Michael Polsky, Invenergy’s chief executive officer. The gang revealed that it had accessed Michael Polsky’s personal emails, compromising photographs and sensitive details about his divorce with Maya, his first wife.
#2 Tech Giant Acer
The renowned Taiwanese electronics and computer maker, Acer was hit by a major ransomware attack by REvil in March 2021. The hacking group demanded a ransom of a whopping $50 million!
The ransomware gang announced the breach on their data leak site by posting some images of the stolen files as proof. The leaked images consisted of some sensitive documents like financial spreadsheets, bank balances and bank communications.
The hackers also offered a 20% discount if Acer made the payment before the deadline provided by REvil. The ransomware gang had promised to provide the company with a decryptor, the deletion of stolen files and a vulnerability report in return for the payment.
Acer never admitted to paying the ransom. However, in a statement, the organization said that companies like theirs are constantly attacked. Acer stated that they had reported any abnormal situations to the required data protection and law enforcement authorities.
#3 Software Provider Kaseya
In July 2021, the US-based software provider Kaseya suffered a disastrous ransomware attack by REvil. To launch the attack, REvil targeted a vulnerability (CVE-2021-30116) in one of Kaseya’s remote computer management tools called Kaseya VSA.
This infamous attack affected up to 2,000 organizations globally and its fallout lasted for weeks. After the attack, REvil operators boasted about it on the group’s “Happy Blog”, saying that over a million devices were infected. They also stated that they would provide Kaseya with a universal decryption key for a ransom of $70 million in Bitcoin.
Counted amongst the farthest-reaching ransomware attacks till date, the Kaseya ransomware attack created problems for a broad array of public agencies and businesses.
The Swedish grocery chain Coop had to keep most of its 800 stores closed for an entire day since their cash register software supplier was out of service. Two big Dutch IT services companies- Hoppenbrouwer Techniek and VelzArt were also affected amongst many others.
#4 Meat Supplier JBS
JBS, the world’s largest meat processing company, was hit by a huge ransomware attack by REvil in June 2021. The attack disrupted the company’s Australian and North American operations. The company was forced to halt cattle slaughtering at all of the US plants for an entire day, contributing to the inflation in food prices. JBS paid the cyber criminal group a ransom of $11 million in Bitcoin.
JBS was able to restore the majority of its systems with the help of its own backups. It managed to fully restore global operations within a day, which helped in avoiding a prolonged shutdown. In a statement about the paying the ransom, Andre Nogueira, CEO, JBS USA said:
“This was a very difficult decision to make for our company and for me personally. However, we felt this decision had to be made to prevent any potential risk for our customers.”
#5 Apple Supplier Quanta Computer Inc
Quanta Computer Inc, one of Apple’s primary suppliers, was hit by a major ransomware attack by REvil in April 2021. REvil announced the attack on its dark web site, claiming to have infiltrated the company’s computer network.
The hacking group demanded a ransom of $50 million in return for the decryption key. The stolen data included manufacturing and engineering schematics of Apple’s current and future products.
The announcement by REvil came on the same day when Apple was set to announce an array of new products at the Spring Loaded event. The cyber criminal group had already posted schematics and designs of new laptops and Macbooks by the time Apple’s product launch was over.
When Quanta Computer Inc refused to pay the ransom, REvil instead asked Apple to pay the ransom by 1st May 2021 if they want to avoid the leak of new files every day.
With several high-profile ransomware attacks under its belt, REvil has become a menace for every organization around the globe. The growing threat of ransomware can only be contained with the proper application of suitable security controls topped with effective cyber security awareness training for employees.
So, stay vigilant and keep your eyes peeled. After all, prevention is better than cure, right?