Russian hackers keep deepening their roots in the digital world of American enterprise. They have attracted a great deal of attention online after allegedly carrying out a series of cyber-attacks on major corporations. Russia has proved to be a little superior to the US tech minds, and these hackers are flourishing at penetrating the defensive systems installed by US technology departments.
The most notorious group, according to US cybersecurity officials, is REvil, a Russian-speaking ransomware syndicate that has been operating against targets in the US. Its pattern is to attack an organization and then demand a ransom, either to release the data it has taken or to refrain from publishing it. The latest attack was carried out on Friday, and it shocked the whole nation, including the presidency. This web of attacks affected about 200 companies in the US.
Soon after the attack, on Sunday, a ransom of about $70 million in Bitcoin was demanded from any company wishing to get its data back. The attack was carried out on servers holding data such as client information, financial records, legal documents, and project files. REvil is accused of encrypting vast amounts of data belonging to various major companies. Encrypting the data means the companies are locked out of it and denied access [Source]. The encryption used is giving US cybersecurity officials headaches as they try to understand the technology behind it.
REvil has demanded $70 million to release the ‘decryptor’ that would give owners access to their data again. The decryption effort looks like a mountain climb for US technology officials, who have been struggling to decrypt the data since Friday. REvil claimed responsibility for the Friday cyber-attack on a blog said to be used by the Russian-speaking ransomware syndicate. This is the first time REvil has acknowledged an attack, and US cybersecurity experts have identified it as responsible for this malicious act. According to the blog post, REvil launched an attack on managed service providers (MSPs) that affected more than a million systems. The post also stated that the syndicate would only publish the ‘decryptor’ on public forums if it received $70 million in Bitcoin [Source].
It is hard to pinpoint the group’s authority structure and to know who is speaking. Still, Allan Liska of the cybersecurity firm Recorded Future said the message “almost certainly” originated from REvil and was composed by the highest level of leadership in the syndicate. The main blow was the attack on Kaseya, an information technology firm based in Miami, where the attackers breached some of its confidential client data and triggered a chain reaction among users that paralyzed computers belonging to firms worldwide [Source].
Mr. Liska believes these hackers have gone too far this time and did not expect their actions to cause damage of this magnitude. In his address, US President Joe Biden clearly stated that officials are not yet sure who is behind the attacks, and he did not rule out Russian involvement. This statement follows his remarks last month after meeting Russian President Vladimir Putin in Geneva. After that meeting, Biden told the press that he had discussed cybersecurity with Putin, and that they had agreed to work together to curb cyber-attacks. In April, the US sanctioned Russia over cyber-attacks to deter it from further harmful activity in the country. Russian intelligence was blamed for the 2020 “SolarWinds” hack, and Moscow was also accused of interfering in the 2020 elections, but Russia denied all of these allegations [Source]. The US has been making plans to reduce cyber-attacks, and it banned some Chinese companies involved in surveillance and cyber-activities. Biden and Boris had also agreed to collaborate on technology to strengthen their defenses against foreign activity.
According to US cybersecurity experts, REvil timed these attacks to coincide with the period leading up to the 4th of July. The Independence Day holiday left computer systems vulnerable, since only a handful of IT staff were on duty while the rest had been given the day off. In response to the attacks, Kaseya has engaged the cybersecurity company FireEye to help rectify the situation.
Currently, US cybersecurity experts are still battling to decrypt the data, and it is likely that they will not bend to the attackers’ demands.