As the fallout from the Kaseya breach continues to unfold, a new twist has appeared online. The group behind this hack, REvil, has vanished from the internet.
According to officials, the link through which affected companies were to pay the ransom suddenly vanished on Tuesday. All known connections to REvil have disappeared from the internet as a result. This comes as US and Russian officials vowed to crack down on actors such as this, and it has led to immense speculation that either the US ordered a raid to shut them down or Russia put pressure on them to disappear. The fact is that the hackers behind REvil have shut down that network and are more than likely moving on to the next job. [1]
What this means is that anyone who had not already paid the ransom is out of luck if they cannot restore their encrypted files. The original ransom for the entire network was $70 million, without considering what other companies would have to pay. This is certainly a big problem, because hackers can easily disappear before the ransom is paid, permanently locking down companies’ servers. Some might not be able to restore their service without these codes, forcing a costly rebuild of their entire server.
According to Mike Smith, President and CEO of PL Risk: “We have recently seen a shutdown of several bad actors in recent months including the Darkside, which was responsible for the Colonial Pipeline Breach. There is widespread speculation that this is a result of increased from the US government as well as behind the scenes clandestine activities. I suspect we will see more of these shut down only to be replaced by new actors.”
This attack on Kaseya targeted the supply chain by focusing on managed service providers. The REvil group's disappearance highlights an even greater risk: once a company has been attacked, it is possible there won't be any solution for decrypting its files.
About PL Risk
PLRisk Advisors, Inc. (PLRisk) is a nationally recognized wholesale insurance brokerage which specializes in Professional and Executive Liability Insurance. PLRisk provides retail insurance agents and brokers with access to Professional Liability insurance products often not afforded to retail insurance agents. Located in Franklin Lakes, New Jersey, PLRisk provides insurance services to retail agents and brokers in most every state.
[1] https://www.bbc.com/news/technology-57826851