News Daily


Men's Weekly

Australia

  • Written by The Conversation

Australian Federal Police Commissioner Reece Kershaw on Friday confirmed police believe the criminal group behind the recent Medibank cyber attack is from Russia. Kershaw said their intelligence points to a

group of loosely affiliated cyber criminals who are likely responsible for past significant breaches in countries across the world.

Kershaw stopped short of naming any individuals or groups.

But experts suspect the attackers belong to, or have close links to, the Russian-based ransomware crime group, REvil.

The attack so far involves a multimillion-dollar ransom demand made to the medical insurer for data on individual clients stolen in the earlier stages of the attack. The attackers originally threatened to release sensitive personal medical records, and then on Wednesday released hundreds of records onto the dark web.

Such attacks cause enormous personal stress for those whose data is exposed, as well as considerable reputational damage to the entities holding the data.

At the time the Medibank attack was publicly announced, Home Affairs Minister Clare O’Neil described the illegal action as a “dog act”.

Since then, our cyber security agencies, including the Australian Federal Police and the Australian Cyber Security Centre, have been scrambling to respond.

Gaining a better understanding of the groups behind these activities is therefore vital, but challenging.

So what do we know about REvil?

Hackers for hire

The group’s name is said to be a contraction of the words “ransom” and “evil”. It’s based in Russia, although its network of “affiliates” extends into Eastern Europe.

The view that the attack is the work of REvil is based partly on links observed between existing REvil sites on the dark web and the extortion site now hosting some of the stolen Medibank data. Further information will undoubtedly come to light in the coming weeks to confirm or alter this assessment.

But the nature of this attack is consistent with the approach and motivations shown previously by REvil.

The group emerged in early 2019, having evolved from an earlier “ransomware as a service” (RaaS) group known as GandCrab.

According to one scholar, Jon DiMaggio, under the RaaS model REvil relied on

hackers for hire, known as affiliates, to conduct the breach, steal victim data, delete backups and infect victim systems with ransomware for a share of the profits.

As we have also seen in the Medibank case, another tactic of this group is to engage in double extortion, whereby failure to pay the ransom leads to the stolen data being leaked or sold in underground forums on the dark web.

REvil was particularly active in 2021. This included the highly damaging ransomware attack in the United States on Kaseya, a managed services provider. REvil posted a ransom of US$70 million for a universal decryption key to restore victims’ data.

Australia was also touched by REvil in 2021. The group attacked JBS Foods, a major producer with operations in Australia as well as Brazil. The impact on Australian meatworks operated by JBS seems not to have affected supplies of meat, thus drawing less public attention than we have seen in the Medibank case.

Unstable and slippery

Shortly after the Kaseya attack, in late 2021, REvil appeared to shut up shop, following leakages of information from their hacked data site and increased pressure from law enforcement.

However ransomware groups such as REvil are notoriously unstable and slippery. Various factors contribute to this instability, including law enforcement pressure and greed. There’s little honour among this species of cyber “thieves” when personal survival and enrichment are at stake. The RaaS model also relies upon loose networks of associates that inevitably change over time.

Further evidence REvil was in retreat came in January 2022, just a month before Russia’s invasion of Ukraine. Russian law enforcement authorities announced they had arrested some 14 alleged members of REvil.

For a brief time, Western observers hoped the Russian action might be effective in constraining future ransomware attacks by the group.

But since the invasion in February this year, any pretence of cross-border cooperation in tackling these Russian groups has evaporated. Moreover, those arrested are believed now to likely be free and back in business.

Read more: Holding the world to ransom: the top 5 most dangerous criminal organisations online right now

Russian ransomware groups have close informal links to Russian security agencies such as FSB, the Russian internal security agency. These links provide the group (and other Russian cybercrime groups) a degree of licence to carry on their activities on the strict understanding their targets must lie outside Russia.

In some cases, although not so clearly in the case of REvil, these groups have expressed geopolitical motivations, directing cyber attacks against Ukrainian targets and those of countries seen to be supporting Ukraine. The Conti ransomware group is an example here of a group that publicly declared its support for Russia over Ukraine.

In the Medibank example, the group behind it appears simply driven by financial gain. Medical facilities such as hospitals have proven popular targets for ransomware groups because of their sensitive information holdings and hence vulnerability to pressure to pay.

It seems REvil, or at least a close genetic descendant, is back in business. What we’re currently seeing is consistent with prior experience with this group: appearing, disappearing and reappearing, sometimes in a slightly altered shape.

Dealing with it is difficult, a bit like a game of whack a mole – the offenders all too easily disappear and then pop up somewhere else.

The root causes of ransomware today can be political as well as economic, making effective inter-country cooperation against Russian-affiliated groups almost impossible.

This article draws upon work undertaken with my colleague David Wall (University of Leeds) examining the weaponisation of ransomware in relation to the Russia/Ukraine conflict. This work is currently in draft report form with the sponsoring organisation, the Global Initiative against Transnational Crime, Vienna and Geneva.

Read more https://theconversation.com/what-do-we-know-about-revil-the-russian-ransomware-gang-likely-behind-the-medibank-cyber-attack-194337

Cleaner Floors, Healthier Homes: Lefant M3L Arrives as Australians Prioritise Pet-Friendly Hygiene

As pet ownership continues to rise, Australians are placing greater emphasis on maintaining a hygienic indoor environment for both family members and their animals. Issues such as dander, loose fur, and tracked-in dirt require consistent cleaning to support better home... Read more

How Home Removalists Save Time, Money, and Energy During Your Move

Moving to a new home is an exciting chapter in life, but the process of getting there can be overwhelming. From packing and organizing to transportation and unpacking, relocation involves a long list of tasks that can consume both your... Read more

Fulfilment Australia: Streamlining ECommerce Operations for Business Growth

As eCommerce continues to thrive, efficient order fulfilment has become one of the most critical components of customer satisfaction and business success. Companies across the nation are turning to professional fulfilment Australia providers to manage inventory, packaging, and shipping operations... Read more

Evaporative Cooling Cleaning Melbourne: Keeping Your System Fresh, Efficient, and Healthy

As Melbourne’s summers grow hotter, many homes rely on evaporative cooling systems to stay comfortable. While these systems are energy-efficient and environmentally friendly, they require regular maintenance to perform at their best. Professional Evaporative Cooling Cleaning Melbourne services are essential... Read more

4 Benefits of Exploring Australia in an Off Road Caravan

Australia’s vast landscapes offer a kind of freedom that can only be fully experienced on the open road. For travellers seeking caravans for sale, choosing one built for adventure can transform any journey into a memorable one. This article will... Read more

The Importance of Professional eCommerce Web Design for Online Success

The online shopping industry has grown at a rapid pace, and with it, customer expectations have evolved. Today, having a basic website is not enough to attract and retain customers. Businesses must invest in professional eCommerce web design that not only... Read more