Welcome to our

Cyber Security News Aggregator

.

Cyber Tzar

provide a

cyber security risk management

platform; including automated penetration tests and risk assesments culminating in a "cyber risk score" out of 1,000, just like a credit score.

Cybercriminals Take Action after Dramatic REvil Arrests

published on 2022-01-25 18:58:36 UTC by yafit
Content:

After the renowned REvil ransomware group (also known as ‘Sodinokibi’), was arrested by the Russian and U.S. authorities, our cyber analysts take a look at the impact of this development on the cybercriminal community in the dark web.

REvil, which was considered as one of the most aggressive ransomware gangs, are responsible for high-profile attacks, including the against the JBS Foods company, one of U.S.’s largest beef producers.

Recently, Russia’s Federal Security Service (FSB) announced that the Russian authorities dismantled the ransomware gang “REvil”, in an operation they launched in collaboration with the United states. 

The announcement on the arrest came only a day after the Ukrainian government suffered a massive hacking attack on 70 of its domains. To many, this announcement was unusual as it came as tension between Russia and the U.S. are high because of the alleged involvement of Russia in the cyberattack against Ukraine’s sites. A possible explanation is that the arrest took place months before as our records indicate REvil stopped operating their website on the TOR network about 3 months ago.

Using our Cyber API, our analysts dived into the depths of the dark web to shed more light on the impact of this development on the cybercriminal community in general, and on ransomware gangs in particular. 

What did we find?

Fear of Undercover Agents and collaborators in the Cybercriminal Community

The REvil arrests have sent shock waves across the cybercriminal community, at least according to a correspondence we discovered between a member of the famous Lockbit ransomware group and a REvil member. The Lockbit member shared a screenshot of the correspondence in the famous dark web forum “XSS”, where they are both expressing their concerns that the admin of another dark web forum “RAMP”, named RED/KAJIT, may be collaborating with the Russian authorities. The Lockbit member speculates that the contact between REvil and RAMP’s admin may have been one of the triggers for the arrest of the 14 REvil members. This shows the level of concern in the cybercriminal community since many administrators have access to the contact information of forum members.

The correspondence between a member of the famous Lockbit ransomware group and a REvil member on the famous dark web forum "XSS",

The Race for Anonymity

Recent discussions on the dark web forums show that members of the cybercriminal community are anxious and fear the consequences of future Russian-U.S. collaborations. Some of the threat actors discussed operating in other countries such as China, India, Israel and Arab countries since they don’t feel safe in their countries, like the ones in the image below.

A discussion of cybercriminals who are looking to relocate to "safer" places on  dark web forums

Others shared tips on how to improve their safety methods and remain anonymous in the new and more dangerous landscape. 

Decrease in the number of new ransomware sites

Since the arrest was announced until the moment of writing these lines, we didn’t find any launch of new websites by existing or new ransomware gangs. This is an unusual finding as a new site would go live on a weekly basis, at the very least. We also discovered that the number of leaks published by existing ransomware gangs has dramatically decreased in that time.

Our cyber team will continue to watch these dark web spaces closely over the next few weeks because the slow down is only temporary, as the cybercriminal community always looks for new ways to sustain its illegal activities.

Article: Cybercriminals Take Action after Dramatic REvil Arrests - published almost 3 years ago.

https://webz.io/dwp/cybercriminals-take-action-after-dramatic-revil-arrests/   
Published: 2022 01 25 18:58:36
Received: 2022 02 09 21:50:29
Feed: Webz.io Dark Web Posts All
Source: Webz.io Dark Web Posts
Category: News
Topic: Cyber Security
Views: 1

Custom HTML Block

Click to Open Code Editor