Hackers behind the REvil ransomware have claimed to have made more than $100 million in one year from extorting large businesses.
Not satisfied with their ill-gotten wealth, the group wants to make $2 billion with its ransomware as a service business, a representative for the hacking group told a Russian tech blog, as reported by Bleeping Computer.
Russian blog OSNIT claims to have interviewed the REvil representative, who uses the aliases "UNKN" or "Unknown" on criminal forums, discussing some of the group's activities and its plans for the future.
The gang, which were first spotted in early 2019, operates an as-a-service model, where it supplies and manages file-encrypting malware to paying customers. For every successful ransomware attack using this service, the REvil group takes a cut of around 20-30%.
Customers are alleged to have success attacking airports, charities, and businesses across the globe over the past year. Attacks on law firm Grubman Shire Meiselas and Sacks in May, where large volumes of client data, most of which belonged to celebrities, was accessed.
However, the group's most high-profile attack was that against Travelex in January, which crippled its services for most of the year and is considered to be one of the reasons why the company went into administration in August.
According to Unknown, attackers using REvil ransomware took just three minutes to breach Travelex's systems by exploiting a vulnerability in Pulse Secure VPN. This, they said, was left unpatched for months despite a fix being available.
REvil, which is short for 'Evil Ransomware', have used their stolen wealth to search for new distributors by depositing $1 million in bitcoin on a Russian forum. The move is designed to highlight how much profit can be made from ransomware in a bid to find "new blood" in the profession, according to Unknown.
RELATED RESOURCE
2020 Cyber Threat Intelligence (CTI) survey
How to measure the effectiveness of your CTI programme
The group initially made its money from encrypting files, including any backups, in an attempt to get victims to pay for its release. However, stealing and threatening to leak data on the web has proven to be a far more lucrative tactic over the last year, with companies more fearful of reputational damage than the financial cost. According to Unknown, this is now a primary tactic of the REvil group.
As for future activities, it was also claimed that affiliates have hit the network of a "major gaming company", which the group will reveal "soon".
-
Gender diversity improvements could be the key to tackling the UK's AI skills shortageNews Encouraging more women to pursue tech careers could plug huge gaps in the AI workforce
-
Researchers claim Salt Typhoon masterminds learned their trade at Cisco Network AcademyNews The Salt Typhoon hacker group has targeted telecoms operators and US National Guard networks in recent years
-
15-year-old revealed as key player in Scattered LAPSUS$ HuntersNews 'Rey' says he's trying to leave Scattered LAPSUS$ Hunters and is prepared to cooperate with law enforcement
-
The Scattered Lapsus$ Hunters group is targeting Zendesk customers – here’s what you need to knowNews The group appears to be infecting support and help-desk personnel with remote access trojans and other forms of malware
-
Impact of Asahi cyber attack laid bare as company confirms 1.5 million customers exposedNews No ransom has been paid, said president and group CEO Atsushi Katsuki, and the company is restoring its systems
-
The US, UK, and Australia just imposed sanctions on a Russian cyber crime group – 'we are exposing their dark networks and going after those responsible'News Media Land offers 'bulletproof' hosting services used for ransomware and DDoS attacks around the world
-
A notorious ransomware group is spreading fake Microsoft Teams ads to snare victimsNews The Rhysida ransomware group is leveraging Trusted Signing from Microsoft to lend plausibility to its activities
-
Volkswagen confirms security ‘incident’ amid ransomware breach claimsNews Volkswagen has confirmed a security "incident" has occurred, but insists no IT systems have been compromised.
-
The number of ransomware groups rockets as new, smaller players emergeNews The good news is that the number of victims remains steady
-
Teens arrested over nursery chain Kido hacknews The ransom attack caused widespread shock when the hackers published children's personal data
