American intelligence agencies, with the support of colleagues from other countries, hacked the servers of the hacker group REvil (Ransomware Evil – “viral evil”). In July, REvil attacked the IT company Kaseya, which operates computer networks for small organizations, and became a target of the FBI. After that, the group, which is said to use the methods of “Russian intelligence structures”, was forced to cease its work.
After REvil attacked Kaseya, the hackers' servers were themselves hacked. According to VMware (a developer of software for cloud and virtual services), this operation was carried out by the FBI together with the US Cyber Command, the Secret Service and colleagues from Western countries. REvil was able to regain access to the servers, but the FBI obtained a universal decryption key that allowed the attacked companies to recover their files without paying the criminals. The FBI kept the key under wraps and planned to retaliate against the hackers.
When the group restored its network from a backup, it also restarted internal systems that were already under the control of law enforcement agencies. So the hackers' own favorite tactic of compromising backups played a cruel joke on REvil.
The special operation against REvil is still ongoing. The FBI declined to comment on it, and the US National Security Council said it was “making efforts” to hack the ransomware infrastructure and modernize protection. The council plans to create an international coalition to bring countries harboring extortionists to justice, Reuters reported.
Authorities believe that in June, REvil organized an attack on the world's largest meat producer, the Brazilian company JBS. According to The New York Times, the group learned its methods from Russian intelligence, which is accused of hacking into SolarWinds in December 2020.
According to Kommersant, two hackers were arrested in Kiev on October 5; they may be involved in attacks on 100 companies with total damage of more than $150 million.
On October 21, Google announced that hackers from a “Russian-speaking forum” had been attacking YouTube since 2019. They lured bloggers in order to gain access to their accounts, and then either sold the accounts or used them for cryptocurrency fraud. For one account, the cybercriminals received from $3000 to $4000.
On October 7, the “Russian hackers” Nobelium were accused of stealing from the United States classified data on sanctions against the Russian Federation. In addition, information about investigations by American counterintelligence fell into the hands of the intruders. To break in, the attackers used vulnerabilities in SolarWinds and Microsoft programs.
The US National Security Council has calculated that in 2020, victims of cyberattacks paid hackers more than $400 million. In the first quarter of 2021, ransomware operators were paid $81 million.