Among REvil ransomware operators, there are people who have had or have access to some US weapons systems: one would have access to a ballistic missile launch system, another would have access to Navy cruiser systems, a third would have access to devices at a nuclear power plant, and another to an arms manufacturer’s systems. This information was provided by one of these operators, anonymously, in an interview with The Record portal, and published two days ago. “They can start a war very realistically, but it’s not worth it – the consequences are not profitable,” he told The Record. The cybercriminal group operates REvil as ransomware as a service, providing malware and platforms that encrypt organizations’ data.
According to the hacker, the cybercriminal group is trying to maintain political neutrality and avoids attacks on organizations in the CIS (Commonwealth of Independent States) countries, led by Russia and Ukraine, because of geopolitics, local legislation or the patriotism of some members of the group. The respondent noted that in very poor countries, including India, Pakistan and Afghanistan, no one pays ransom.
The hacker also said that cyber insurers are among the most attractive targets: the group first attacks such organizations to gain access to their customer base and then deliberately orchestrates malicious campaigns against companies that have insurance. He said that REvil operators do not usually resort to DDoS attacks, as phone calls to victims, their partners and journalists warning about the incident and the consequences have produced very good results. Publishing the stolen data generally forces the victim to pay the ransom, he said.
“But ending negotiations with a DDoS attack means destroying the company. Literally. I also think that we will expand this tactic to reach the CEO or founder of the company. Collecting and analyzing information from publicly available sources and attacking with bullying will also be a very interesting option. Victims must understand that all the resources we spend before the ransom is paid will be included in the cost of the ransom,” he said.