Intelligence, law enforcement take down ransomware gang

A multi-national co-operative has taken down notorious ransomware gang REvil.

The tables have been turned on notorious ransomware group REvil, which has reportedly been taken down by a multi-national co-operative involving law enforcement and intelligence personnel.  

According to private sector stakeholders co-operating with the US, the group was hacked and forced offline.

VMware head of cyber security strategy Tom Kellermann, who serves as an adviser to the US Secret Service on cyber crime investigations, said compromising the ransomware gang was a priority for the response team. 

“The FBI, in conjunction with Cyber Command, the Secret Service and like-minded countries, have truly engaged in significant disruptive actions against these groups,” Kellermann said.

“REvil was top of the list.”

This followed a spate of cyber attacks on critical infrastructure, attributed to the Russian-led group, including the attack on the Colonial Pipeline, which leveraged Darkside’s encryption software.

An REvil figure, who refers to himself as ‘0_neday’, commented on a cyber crime forum following the multi-national operation.

"The server was compromised, and they were looking for me," the anonymous cyber actor said.

"Good luck, everyone; I'm off."

The White House has declined to comment on the counter operation, but has noted the government’s broader efforts to fight cyber crime.

"Broadly speaking, we are undertaking a whole of government ransomware effort, including disruption of ransomware infrastructure and actors, working with the private sector to modernise our defences, and building an international coalition to hold countries who harbor ransom actors accountable," a spokesperson told Reuters.

According to Edgard Capdevielle, CEO of Nozomi Networks, this latest push to take down a ransomware gang should set a precedent for future responses.

“The US historically has had the reputation of, ‘if you physically come after us, we will come back at you 10 times harder and mess you up’,” he said.

“With cyber, this has not been the case, until yesterday’s announcement of law enforcement forcing REvil offline.

“While this is the first real public display of offensive cyber measures, true adversary deterrence is not built on one example of public response.”

Capdevielle said the US would need to take a consistent approach of zero tolerance in response to cyber-attacks on critical infrastructure and the private sector. 

“This retaliation is by no means ‘equal’ or reciprocal – the impact to the United States from Colonial was still much greater than affecting their servers. This is a good first step,” he added.
