REvil Ransomware Gang Returns — Experts to Ensure Recovery by Protecting Backup Data
September 2021 by Jim McGann from CyberSense
As revealed this week, the cyber gang "REvil" has reactivated its negotiation portal for victims, signalling a return to attacks. In response, security experts are warning organizations to strengthen defenses, especially around the DR/backup data that will be needed to recover in such an event.
Jim McGann of Index Engines, the provider of CyberSense, has been researching the REvil group and can provide insights on how they infiltrate companies and what can be done to either prevent an attack or hasten a recovery. His commentary on the return of REvil follows.
According to Jim McGann, VP of marketing and business development for Index Engines:
“REvil is intent on ceasing business operations and extracting exorbitant ransoms to recover. Their method of shutting down business operations is to encrypt or corrupt critical infrastructure like Active Directory, or product databases or key user content and intellectual property. This is their target. The best thing companies can do is to continually check the integrity of this content, make sure it is reliable and has not been tampered with.”
“Organizations have relied on their disaster recovery software to restore their environment after a crushing cyber-attack. REvil knows this and is focused on making this process more challenging. This includes corrupting or encrypting content or even backup images to have a severe impact on the recovery process. We have seen many weeks or months of backups being corrupted, which often comes as a surprise to the organization. The only way to ensure reliable recovery is to continually check the integrity of the backup data; this will allow for a confident and rapid recovery process.”