REvil the Enterprise Ransomware Threat

Dennis Snider


The criminals behind the REvil ransomware threat (also known as Sodinokibi) have started reaching out to their victims directly, using shame as leverage to extract payments from those unlucky enough to have the malware running on their systems.

Malware operators have long relied on shaming their victims and threatening to expose them. This can be an extremely unpleasant and even tragic process, with at least one known suicide directly attributable to it. One of the most common tricks these criminals use is to tell their victim that they possess footage of the victim watching pornography or engaging in sexual acts, and that unless the demanded Bitcoin ransom is paid, the footage will be released online and their family and friends alerted. Obviously the criminals possess no such footage, but they lend the claim credibility by quoting old passwords of the victim harvested from public password dumps.

Recently, ransomware criminals have started infiltrating the business world, encrypting vital files or services with tools that require special keys to unlock, for which of course the criminals expect substantial payments. This has led to a moral quandary in the business world as to whether any such ransom demands should ever be paid. One danger of this type of attack is that it is hard to say how many have taken place and how many companies have paid, since nobody wishes to admit that their security has been compromised.

The criminals have now added an extra string to their bow in terms of outreach: as well as compromising a company’s security, they threaten to inform the media and the company’s key partners of the breach unless a ransom is paid. This heaps extra pressure on companies, which now have not only the incentive of recovering their stolen data but also the need to keep their reputation intact with partners and clients.

Of course, there is never any guarantee that any useful or usable data will be returned once the ransom is paid. As with all threats of this type, the best defence is security strong enough, and updated regularly enough, that the criminals move on to look for another victim and leave your company alone.