They may change their entity's name, yet the threat they created and profited from continues. We know software as a service well from the mainstream technologies widely used today. Organized crime has adopted the same business model, distributing its exploits to anyone willing to pay to play.
Reported in the New York Times today by David Sanger, the aggressive ransomware organized-crime syndicate REvil, believed to be based in Russia, has gone offline. He lists several possible gambits. My favorite: “a third is that REvil decided that the heat was too intense, and took itself down to avoid becoming part of the crossfire between the American and Russian presidents. That is what another Russian-based group, Darkside, did after the ransomware attack on Colonial Pipeline, the U.S. company that had to shut down the gasoline and jet fuel running up the East Coast in May.
But many experts think that Darkside’s going-out-of-business move was digital theater, and that all of the key ransomware talent would reassemble under a different name. If so, the same could happen with REvil.” Any way we look at it, the threat is no less for anyone today than it was yesterday. Remain vigilant. In Cyberscoop, Jeff Stone says, “REvil, the Russian-speaking hacking crew that claimed responsibility for a hack at the IT firm Kaseya that yielded perhaps thousands of victims, largely went dark Tuesday morning, according to multiple security researchers. The dark web site where REvil typically posts victim data and a payment site suddenly went down, while one site apparently ceased responding to Domain Name System requests.”
In-depth analysis of ransomware reveals a couple of details about it: dwell time and DNS activity. Dwell time is how long the malware remains on a system before it acts. The longer it is there, the more the actor learns about the environment, including where backups and valuable information are kept. DNS activity is the traffic the implant generates while it waits, such as the repeated look-ups of the domains it uses to reach its operators. Compromises of this kind will often delete backups stored on a system before encrypting files, all during that dwell time. The best strategy against such actors, whatever they call themselves, is 24x7x365 monitoring of DNS and the other metrics that reveal these issues. Learn more about a guarded approach that protects you and those around you.
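As an added example, not part of the original post, the following Python script applies the DNS idea above to a handful of constructed resolver log lines: it flags a host that resolves the same domain at near-constant intervals while no other host in the estate resolves that domain at all. The log format, the hostnames and domains in the sample, and the thresholds are all assumptions chosen for illustration, not data from the incidents discussed.

```python
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed resolver log, one "timestamp client query_name" record per line.
# These lines are made up for this example; they are not real traffic.
SAMPLE_DNS_LOG = """\
2021-07-13T09:00:00 10.0.0.12 www.example.com
2021-07-13T09:00:00 10.0.0.12 cdn.example.net
2021-07-13T09:00:00 10.0.0.7 ahx7wq2k.c2-host.example
2021-07-13T09:02:33 10.0.0.30 www.example.com
2021-07-13T09:03:10 10.0.0.12 mail.example.com
2021-07-13T09:05:00 10.0.0.7 ahx7wq2k.c2-host.example
2021-07-13T09:10:00 10.0.0.7 ahx7wq2k.c2-host.example
2021-07-13T09:11:08 10.0.0.30 cdn.example.net
2021-07-13T09:15:00 10.0.0.7 ahx7wq2k.c2-host.example
2021-07-13T09:17:42 10.0.0.12 www.example.com
2021-07-13T09:20:00 10.0.0.7 ahx7wq2k.c2-host.example
2021-07-13T09:21:05 10.0.0.12 updates.example.org
2021-07-13T09:25:00 10.0.0.7 ahx7wq2k.c2-host.example
"""

MIN_QUERIES = 4    # assumed: fewer look-ups than this and an interval pattern means little
MAX_JITTER = 0.15  # assumed: stdev/mean of inter-arrival times at or below this is "regular"
MAX_CLIENTS = 1    # assumed: a domain that only one host ever resolves counts as rare


def registered_domain(name):
    """Collapse a query name to its last two labels (a crude eTLD+1).

    Assumption: a two-label suffix is good enough here. Production code should
    use the public suffix list so names such as host.example.co.uk group correctly.
    """
    labels = name.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def parse_log(text):
    """Return a list of (datetime, client, registered_domain) from log text."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip blank or malformed lines rather than crash
        ts, client, qname = parts
        rows.append((datetime.fromisoformat(ts), client, registered_domain(qname)))
    return rows


def find_beacons(rows, min_queries=MIN_QUERIES, max_jitter=MAX_JITTER):
    """Flag (client, domain) pairs whose queries recur at near-constant intervals.

    Returns {(client, domain): mean_interval_seconds}.
    """
    times = defaultdict(list)
    for ts, client, domain in rows:
        times[(client, domain)].append(ts)
    beacons = {}
    for key, stamps in times.items():
        if len(stamps) < min_queries:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        if mean <= 0:
            continue  # all look-ups in the same second: a burst, not a beacon
        jitter = statistics.pstdev(gaps) / mean
        if jitter <= max_jitter:
            beacons[key] = mean
    return beacons


def find_rare_domains(rows, max_clients=MAX_CLIENTS):
    """Return the set of domains resolved by no more than max_clients hosts."""
    clients = defaultdict(set)
    for _, client, domain in rows:
        clients[domain].add(client)
    return {d for d, c in clients.items() if len(c) <= max_clients}


def analyze(text):
    """Highest-confidence findings: a regular beacon to a domain nobody else uses."""
    rows = parse_log(text)
    beacons = find_beacons(rows)
    rare = find_rare_domains(rows)
    return {key: secs for key, secs in beacons.items() if key[1] in rare}


if __name__ == "__main__":
    for (client, domain), secs in analyze(SAMPLE_DNS_LOG).items():
        print(f"{client} resolves {domain} every {secs:.0f}s and no other host uses it")
```

Run against the sample, the only finding is 10.0.0.7 resolving c2-host.example every 300 seconds; the ordinary browsing from 10.0.0.12 and 10.0.0.30 is neither regular enough nor rare enough to surface. The two signals are combined on purpose: regularity alone also matches legitimate agents that poll on a timer, and rarity alone matches every one-off domain, so a real deployment would tune both thresholds against its own baseline.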