Q&A: Caught at last, REvil arrests made

REvil was one of the most prolific ransomware gangs and they were virtually untouchable, until now.

Image: © AFP

The major cybersecurity news of the week is the REvil arrests. This has sent shock-waves through the ransomware community. The hacker group has been associated with some high-profile hits, such as the ransomware attack on IT firm Kaseya.

Andy Bennett, CISO at Apollo, went up against REvil when the group attacked local governments in the state of Texas, so he understands the issues surrounding the gang. Digital Journal asked Bennett about the group and how its members were caught.

Digital Journal: What is happening with the REvil arrests?

Andy Bennett: Years of hard work and cooperation finally paid off. Countless organizations have been hit by these bad actors, but now the tables are turning. These attackers held public and private organizations and even entire communities hostage, and it took organizations having the fortitude to not pay the ransom, cooperating with law enforcement, to provide the path to bring these criminals to justice.

DJ: How did they get caught?

Bennett: Every time an organization was willing to go through the pain of not paying and brought the FBI in, it provided the investigators access to critical tidbits of information that helped them understand how the REvil gang operated. When Kaseya got hit and brought in the FBI, cooperating fully with law enforcement, the FBI clearly knew what to do, as evidenced by the criminals being caught.

DJ: What is the significance of the arrests?

Bennett: The significance of these arrests is that ransomware just became a high-risk activity. Up to this point, ransomware was a relatively low-risk, high-reward proposition for enterprising criminals. It was seen, even by law enforcement, as nearly impossible to catch and prosecute ransomware gangs operating in Eastern Europe and other parts of the world, due to difficulties in tracking and controlling the cryptocurrencies used for payment and massive procedural and jurisdictional hurdles. Clearly, these are no longer showstoppers, and it will definitely put the rest of the ransomware gangs on edge and on notice that they could be next. REvil was one of the most prolific ransomware gangs and they were virtually untouchable, until now.

On a personal note, I could not be happier to see these particular threat actors brought to justice, as it was REvil/Sodin who hit 23 local governments in Texas in August of 2019. I was the incident commander for that incident, and we did not pay the ransom. I don’t know if information gathered from our incident contributed materially to this success, but I would like to think that we did our part.

Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.
