The Sodinokibi Chronicles: A (R)Evil Cybercrime Gang Disrupts Organizations for Trade Secrets and Cash


It likes big game hunting, it enjoys deploying Cobalt Strike and it dabbles in critical vulnerability abuse. It’s known as Sodinokibi/REvil, a ransomware strain that emerged in 2019 as the heir to the GandCrab ransomware, a malware family that supposedly retired from the cybercrime arena in mid-2019 after reportedly amassing illicit profits of over $2 billion.


In the two years of its existence, Sodinokibi has gained considerable momentum, having been implicated in high-profile cyberattacks, locking up and even auctioning off data that belonged to companies like Travelex, Gunnebo, Brown-Forman, Asian retail giant The Dairy Farm Group and, most recently, an Apple supplier. The demands are often exorbitant, with victims asked to pay multi-million-dollar ransoms for their data.


Is Sodinokibi all about the money? It’s hard to say. In some cases, Sodinokibi actors manage to target defense contractors and organizations in countries that rival their assumed originating state, Russia.


Because the gang steals terabytes of data, and victims have no way to know what is actually done with it after they pay, it’s very plausible that money is just one objective, followed by espionage, both business and nation-state driven. Not unlike other major cybercrime gangs, the group’s access to and control over major organizations’ assets can lend it the power to collaborate on a variety of nefarious schemes, including adversarial nation-state activity.


‘Cryptoviral Extortion’ Is the Name of the Game


Threat actors that use ransomware are taking advantage of the inherent power of public key infrastructure cryptology to encrypt information in a way that’s har ..
