Hacker Group REvil, Blamed for US Gas Shortage, Goes Offline After Multi-Country Operation


The REvil group itself was hacked. (Representative)

Ransomware group REvil was hacked this week by a multi-country operation and forced to go offline, according to three private sector cyber experts working with the United States and a former official.

Former associates and allies of the Russian-led criminal gang were responsible for a May cyber attack on Colonial Pipeline that caused widespread gas shortages on the US East Coast. REvil’s direct victims include top meatpacker JBS. The crime group’s “Happy Blog” website, which was used to leak victims’ data and extort payments from companies, is no longer available.

Officials said the Colonial attack used encryption software called DarkSide, which was developed by REvil allies.

Tom Kellermann, head of cybersecurity strategy at VMware, said law enforcement and intelligence personnel prevented the group from claiming additional corporate victims.

“The FBI, along with Cyber Command, the Secret Service, and like-minded countries, have actually taken significant disruptive action against these groups,” said Kellermann, a US Secret Service adviser on cybercrime investigations. “REvil was at the top of the list.”

A leadership figure known as “0_neday”, who helped restart the group’s operations after an earlier shutdown, said that REvil’s servers had been hacked by an unidentified party.

“The servers were compromised, and they were looking for me,” 0_neday wrote on a cybercrime forum late last week, in a post first spotted by security firm Recorded Future. “Good luck, everyone; I’m off.”

US government efforts to stop REvil, one of dozens of ransomware gangs that work with hackers to paralyze companies around the world, accelerated after the group compromised American software management company Kaseya in July.

That breach opened up access to hundreds of Kaseya’s customers at once, leading to multiple emergency cyber incident response calls.

Decryption key

After the attack on Kaseya, the FBI obtained a universal decryption key that allowed victims of the Kaseya attack to recover their files without paying a ransom.

But law enforcement initially held the key for weeks while it quietly pursued REvil’s members, the FBI later acknowledged.

According to three people familiar with the matter, law enforcement and intelligence cyber experts were able to hack into REvil’s computer network infrastructure, gaining control of at least some of its servers.

After the hacker group’s business websites went offline in July, the group’s main spokesperson, who calls himself “Anonymous”, disappeared from the Internet.

When gang member 0_neday and others restored those websites from backup last month, they inadvertently restarted some internal systems that were already controlled by law enforcement.

“The REvil ransomware gang restored infrastructure from backup under the assumption that they had not been compromised,” said Oleg Skulkin, deputy head of forensic labs at Russian-led security company Group-IB. “Ironically, the gang’s own favorite tactic of compromising backups was used against them.”

Reliable backups are one of the most important defenses against ransomware attacks, but they must be kept disconnected from the main network, or they too may be encrypted by extortionists like REvil.

A spokesman for the White House National Security Council declined to comment specifically on the operation.

“Broadly, we are trying to disrupt ransomware infrastructure and actors, work with the private sector to modernize our defenses, and create an international coalition to hold countries that have paid ransomware across the entire spectrum of government ransomware,” the person said.

The FBI declined to comment.

A person familiar with the incidents said a foreign partner of the US government carried out a hacking operation that penetrated REvil’s computer infrastructure. A former US official, who spoke on condition of anonymity, said the operation is still active.

Kellermann said the success stemmed from US Deputy Attorney General Lisa Monaco’s determination that ransomware attacks on critical infrastructure should be treated as a national security issue similar to terrorism.

In June, Principal Associate Deputy Attorney General John Carlin told Reuters that the Justice Department was scaling up its investigations of ransomware attacks to an equal priority.

Such actions gave the Justice Department and other agencies a legal basis for seeking help from US intelligence agencies and the Defense Department, Kellermann said.

“Before, you couldn’t hack into these forums, and the military wanted nothing to do with it. Since then, the gloves have come off.”


Copyright Indian Lekhak Limited 2021. All Rights Reserved