With threat actors increasingly advertising Ransomware-as-a-Service (RaaS) openly, this week we look at yet another ransomware family that belongs in that category. It is a sophisticated file-encrypting Windows strain distributed under the RaaS model, reportedly attacking various organizations and demanding heavy ransoms in exchange for the keys needed to decrypt the files it locks. The ransomware is called REvil, also known as Sodinokibi.
REvil demands that the ransom be paid in cryptocurrency and threatens to dump or auction the victim's stolen data online if it is not paid.
Some of the victims of this ransomware are –
- Sanitary Process Engineering & components inc.
- Agromart Group
- Harvest Food Distributors
- Sherwood Food Distributors
Last month, REvil's operators claimed to have exfiltrated sensitive and highly confidential documents from Sanitary Process Engineering & components inc., a leading supplier of sanitary components. They also auctioned the data stolen from the Agromart Group after a successful attack on that company.
In May 2020, REvil's operators demanded $7.5 million in ransom after compromising Harvest Food Distributors and Sherwood Food Distributors.
For initial access, the operators have mainly leveraged CVE-2019-11510, an arbitrary file read (path traversal) vulnerability in Pulse Secure VPN appliances. Reading files off an unpatched appliance can expose credentials, which the operators then use to get onto the network, deploy the ransomware and extort the organization.
In May 2020, REvil's operators entered the law firm Grubman Shire Meiselas & Sacks through an unpatched VPN server. Earlier in the year, the same vulnerability was exploited to infect the foreign exchange company Travelex with REvil.
The same attack vector has been used to infect companies around the world with this ransomware for financial gain.
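As an added example, not part of the original post or of any vendor tooling: a small Python scanner that reads web-server access logs from a VPN appliance and flags requests that climb out of the web root or resolve to sensitive system files, the shape of request an arbitrary file read such as CVE-2019-11510 produces. The log lines are constructed for this example, the `/dana-na/` path prefix is used only as a sample value, and the list of sensitive files is an illustrative assumption rather than a vendor signature.

```python
import re
from urllib.parse import unquote

# Combined-log-format regex (Apache/nginx style); enough fields for this check.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

# Assumption: a short illustrative list of files an arbitrary-file-read
# attempt on a Linux-based appliance commonly goes after; extend for your estate.
SENSITIVE_FILES = ("/etc/passwd", "/etc/shadow", "/etc/hosts")

# Constructed sample log lines (not captured from any real appliance).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jun/2020:08:14:02 +0000] "GET /dana-na/auth/url_default/welcome.cgi HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Jun/2020:08:14:09 +0000] "GET /dana-na/../dana/html5acc/guacamole/../../../../../../etc/passwd?/dana/html5acc/guacamole/ HTTP/1.1" 200 1846 "-" "python-requests/2.23"
198.51.100.23 - - [10/Jun/2020:08:14:11 +0000] "GET /dana-na/%252e%252e%252f%252e%252e%252f%252e%252e%252fetc/hosts HTTP/1.1" 200 214 "-" "python-requests/2.23"
203.0.113.7 - - [10/Jun/2020:08:15:30 +0000] "GET /dana-na/css/../imgs/logo.png HTTP/1.1" 200 3302 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jun/2020:08:15:31 +0000] "POST /dana-na/auth/url_default/login.cgi HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""


def normalize_path(target: str) -> str:
    """Strip the query string, undo layered percent-encoding and unify slashes."""
    path = target.split("?", 1)[0]
    for _ in range(3):  # undo up to three layers (%252e%252e -> %2e%2e -> ..)
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/")


def resolve(path: str):
    """Resolve '.' and '..' segments.

    Returns (resolved_path, escapes) where escapes counts the '..' segments
    that tried to climb above the web root; a benign '/a/../b' yields 0."""
    stack, escapes = [], 0
    for seg in path.split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if stack:
                stack.pop()
            else:
                escapes += 1
        else:
            stack.append(seg)
    return "/" + "/".join(stack), escapes


def classify(target: str):
    """Return (severity, reason, resolved_path) or None for a clean request."""
    path = normalize_path(target)
    resolved, escapes = resolve(path)
    if escapes > 0 or resolved in SENSITIVE_FILES:
        reasons = []
        if escapes > 0:
            reasons.append(f"escapes web root by {escapes} level(s)")
        if resolved in SENSITIVE_FILES:
            reasons.append(f"targets {resolved}")
        return "high", "; ".join(reasons), resolved
    if ".." in path.split("/"):
        # Stays inside the root, but browsers rarely emit this; worth a look.
        return "low", "dot-dot segment inside web root", resolved
    return None


def scan(log_text: str):
    """Run classify() over every parseable line and collect findings."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed line; a real pipeline would count these
        verdict = classify(m["target"])
        if verdict is None:
            continue
        severity, reason, resolved = verdict
        findings.append({
            "line": lineno, "ip": m["ip"], "status": int(m["status"]),
            "severity": severity, "reason": reason, "resolved": resolved,
        })
    return findings


def hits_by_ip(findings, severity="high"):
    """Count findings of the given severity per source address."""
    counts = {}
    for f in findings:
        if f["severity"] == severity:
            counts[f["ip"]] = counts.get(f["ip"], 0) + 1
    return counts


if __name__ == "__main__":
    results = scan(SAMPLE_LOG)
    for f in results:
        print(f"line {f['line']}: {f['severity']:<4} {f['ip']} "
              f"status={f['status']} {f['reason']}")
    print("high-severity hits per source:", hits_by_ip(results))
```

Two points for anyone adapting this: a traversal request that came back with HTTP 200 and a non-trivial byte count is the one to treat as a likely successful read, so keep the status and size fields in the finding; and because decoding is done until stable, the scanner catches double-encoded dot-dot sequences that a single `unquote` call would miss. Matching on `.` and `..` after decoding, rather than on a fixed URL, also means it does not depend on one exploit's exact string.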
Security Tip –
To prevent exploitation of known vulnerabilities, users and organizations should keep operating systems, applications, browsers and, in this case especially, internet-facing VPN appliances patched with the latest updates. A secure and reliable antivirus product such as eScan should be deployed across all connected devices, including mobiles, laptops and desktops. Critical and sensitive data should be backed up regularly, with at least one copy kept offline or otherwise out of reach of an intruder, since an operator with network access will try to encrypt or delete any backups it can reach. Backups restore availability, but they do not undo the data theft that REvil relies on for its second extortion threat.
To read more, please check eScan Blog