John Anthony Smith: Russian Speaking REvil Group Is Actively Causing Widespread Cyber Terror

Saturday, July 3, 2021 - by John Anthony Smith

(John Anthony Smith, president of the fast-growing Conversant Group on the Southside, advises on Internet security).

In an incident similar in some ways to the global SolarWinds breach that occurred last year, threat actors have once again breached a system used for monitoring, patching, and remote administration.[1]  On Friday, it became publicly known that Kaseya, a well-known player in Remote Monitoring and Management (RMM) tools, had succumbed to a supply chain compromise.  Kaseya’s RMM product, known as VSA, is commonly used by Managed Service Providers to manage, monitor, and patch their customers’ infrastructures.

REvil Group was able to breach Kaseya’s VSA system and use that system to destroy backups and subsequently encrypt over 200 organizations’ data.  By the nature of how it works, Kaseya VSA has highly privileged access to the infrastructures in which it is deployed, since it is used to monitor, manage, and patch systems.  Thus, REvil was able to orchestrate this malicious attack almost entirely unimpeded by security controls.  On Friday, Kaseya sent out a warning of a potential attack and urged customers to shut down their servers running the service.  According to Kaseya’s web site, more than 40,000 organizations use its products.

REvil is demanding $50,000 in ransom from smaller companies and $5 million from larger ones.[2]  REvil is a highly active Russian-speaking hacking group, and they are the same group of threat actors that successfully collected an $11 million ransom from JBS Meats.  It is widely believed that REvil operates from Russia, and this recent compromise comes on the heels of President Joe Biden’s meeting with Russian President Vladimir Putin in Geneva.  It is obvious that Biden’s conversation has prompted little action, at least thus far, in reining in REvil’s continued attacks.

Ransomware attacks have spiked in the past 1.5 years, with $412 million in ransom payments made last year alone, and this estimate is likely understated since many ransomware events go unreported.

We know, from our own experiences at Conversant Group, that REvil prefers to strike when IT coverage and monitoring may be at its weakest, such as on weekends and holidays.  It is no coincidence that this happened on the Friday before July 4th.

There are ways to mitigate these types of attacks, and organizations must be ever vigilant in vetting all their vendors and ensuring that controls are in place to thwart (or at least recover from) these types of threat actor activities.



[1] https://www.wsj.com/articles/technology-provider-kaseya-warns-of-cyberattack-11625266350

[2] https://www.washingtonpost.com/technology/2021/07/02/kaseya-ransomware-attack/


* * *

John Anthony Smith can be reached at:

423-305-7890

John.Smith@conversantgroup.com

1513 Cowart Street

Chattanooga, TN 37408

