REvil Vanishes, Along With Some Companies’ Hopes to Decrypt Their Data

The Kaseya ransomware attack targeting VSA servers for approximately 1,500 organizations was another notable attack in a recent string of high-profile ransomware attacks, and while most organizations did what most security professionals recommend and did not pay the ransom, others did not listen. Now those who did pay the ransom are having trouble decrypting their data, and REvil is nowhere to be found to help them in this effort.

With REvil, the hackers reportedly responsible for the Kaseya ransomware attack, having shuttered their operations, some organizations who actually paid the ransom are in a tight spot. Following comments from United States President Joe Biden urging Russian officials to take action against REvil, it was reported that dark web sites for REvil’s payment portal, public portal, helpdesk chat, and negotiations portal were all offline. It is unclear what has caused these outages; it could be a government shutdown just as easily as it could not. Either way, our thoughts turn back to those who are impacted most by this outage: those who paid the ransom, but cannot decrypt their data.

Ordinarily, those who need help with decrypting their data after paying the ransom could contact REvil’s helpdesk, but if they are nowhere to be found, and your decryption tools are not working as expected, what is there to do? It is, yet again, a stark reminder that you cannot guarantee that paying the ransom will help you get your data back should you fall victim to a ransomware attack. What good reason is there to trust the goodwill of hackers who extort money from others and create so much trouble for countless organizations and individuals around the world? There cannot possibly be one.

We understand that you may feel you do not have a choice in the matter regarding paying up for ransomware attacks, but at the end of the day, it is simply far too risky to do so. Not only are you paying up for a possibility of decrypting your data—not a guarantee, mind you—but you are also funding future attacks and proving to the world that ransomware works well enough to extort millions of dollars from companies around the world. Show the hackers who is in the driver’s seat by refusing to give in to their demands.

Rather than reacting to ransomware attacks, you should instead take a proactive stance against them. Start with implementing adequate security measures that can detect the many modes of transport that ransomware utilizes, as well as a data backup system that can help to restore your infrastructure in the event of a ransomware infection. Furthermore, you must train your employees on how to identify and respond to potential ransomware threats. If you do all of this, you can minimize the chances that ransomware will significantly influence your organization.

Indevtech can assist you with the implementation of any new security or data backup solutions, as well as train your team on how to be more mindful about these threats. To learn more, reach out to us at (808) 529-4605.