Way, way back in time (at least by cloud provider release schedules), four weeks ago, we discussed the amazing coincidence that the Conti (misspelt) crime gang, which had ransomwared the Irish Health Service (HSE), leading to massive disruption, hurting the weak and vulnerable and very possibly causing early deaths, had provided decryption keys for free, seemingly following direct intervention by Vladimir Putin after meeting with POTUS Biden.
We also suggested that Biden’s direct confrontation would do little to stem the number of audacious ransomware attacks coming from, or at least appearing to come from, Russia.
Yea verily, last week saw the biggest ransomware attack in history by yet another (so boring, isn’t it?) Russian outfit, REvil (champions of the supply chain attack, blogs passim), infecting untold (a claimed 1 million) machines worldwide and demanding a $70 million decryption fee, covered by your intrepid reporters.
It is reported that last Friday POTUS Biden and Vlad had a one-hour call on the subject of cracking down on these, as ‘El Reg’ would call them, ‘miscreants’. For those who do not know, one of the hallmarks of this outfit is that they do not target machines in Russia or (so-called) affiliated nations, presumably out of fear.
Many malware delivery systems are known to check the location or user nationality (by the languages installed on the device) before performing their acts of darkness. This fact has been suggested by some, and previously documented by us, as a potential protection mechanism against infection, and it does appear to work.
Anyhow, back to the matter in hand. It appears, and is widely reported, that the REvil gang has gone off-grid, vanished, vamoosed. All servers, dark and light, are no longer in service; all communications are down.
Why could this possibly be?
Non-USA/Russia related:
- They failed to pay their cloud subscriptions
- They forgot their passwords
- They have gone on furlough
- They have made enough of the moneys and are partying like Russians yo
- The heat is on and they are in hiding in their volcano lairs (mwahahaha)
Tiberium’s MSSP services FROST and MYTHIC, built on Azure Sentinel, configure your systems to best practice during our rapid deployment. Together with our automated actions, you will be very much better protected against ransomware from the outset. In days, not months.
Alternatively, sign up for our informative ransomware webinar on Tuesday the 20th of July at 10 AM.
Now the song. Where Do You Go To My Lovely was a massive number one for Peter Sarstedt in 1969. DJ John Peel thought it to be the worst record of all time, although it was generally critically acclaimed.
There are many people who would like to look inside the heads of REvil, and we don’t mean metaphorically. Where did they go to? Will they be back? We reckon so; time will tell.