“Currently, we have not observed any new victims, but ultimately the group is back to make money as ransomware is very profitable,” said Adam Meyers, senior vice president of intelligence at security firm CrowdStrike.
US National Cyber Director Chris Inglis said Thursday that public reports indicate some Russian-speaking ransomware groups have been less active since the Biden-Putin meeting, but that it was “too soon to say that we’re out of the woods on this.”
“I think it’s a fair bet that [the ransomware groups] have self-deconstructed, that they’ve essentially gone cold and quiet to see whether the storm will blow over and whether they can then come back,” said Inglis, a top cybersecurity adviser to Biden.
REvil is one of multiple ransomware gangs suspected of operating out of Russia and Eastern Europe that have extorted millions of dollars out of major companies in recent months. The FBI blamed REvil for a May ransomware attack on JBS USA, which accounts for some one-fifth of US beef production. JBS said it paid the hackers $11 million to unlock its systems.
That incident followed the days-long shutdown of major fuel transporter Colonial Pipeline earlier in May after a ransomware attack by another Russian-speaking criminal outfit known as DarkSide. Colonial Pipeline, which transports some 45% of all fuel consumed on the East Coast, paid its extortionists $4.4 million.
REvil’s reemergence “shows the resiliency of organized cybercrime groups … to get back to business as usual in a relatively short period of time,” Michael DeBolt, chief intelligence officer of cybersecurity firm Intel 471, told CNN.
Ransomware has taken an increasing toll on the US economy in recent years.
Victims of ransomware attacks paid some $350 million in ransoms in 2020, according to Chainalysis, a firm that tracks cryptocurrency. Those who don’t pay can spend millions of dollars rebuilding their computer infrastructure.
As the White House tries to pressure Moscow into reining in ransomware groups, US officials have urged businesses to step up their security measures to make hacks less impactful.
The FBI and US Cybersecurity and Infrastructure Security Agency in August reminded companies that the agencies “strongly discourage paying a ransom to criminal actors” because it could allow hackers to invest in new capabilities.