• Ilia Kolochenko, Founder & CEO at web security company ImmuniWeb, Master of Legal Studies (WASHU) & MS Criminal Justice and Cybercrime Investigation (BU)


• 29.09.2020 06:45 pm
cybersecurity

The REvil Ransomware (Sodinokibi) operation has deposited $1 million in bitcoins on a Russian-speaking hacker forum for potential affiliates, who will be recruited to hack businesses and encrypt their devices.

In an update to a forum post that they use to recruit affiliates, REvil announced that they are once again recruiting new affiliates to distribute their ransomware. To show potential affiliates that they mean business, REvil has deposited 99 bitcoins, or approximately $1 million, on the hacker forum.

This deposit illustrates how much money ransomware operations are generating as they are publicly making a $1 million deposit as if it is not a big deal.

More on that story here: https://www.bleepingcomputer.com/news/security/revil-ransomware-deposits-1-million-in-hacker-recruitment-drive/.

Ilia Kolochenko, Founder & CEO of web security company ImmuniWeb, Master of Legal Studies (WASHU) & MS Criminal Justice and Cybercrime Investigation (BU), comments: 

"The modern cybercrime industry is exceptionally well-organized compared to the cybersecurity industry. While most cybersecurity startups have access to venture funding while losing money, cybercriminals need to be profitable from day 1 so have no time for mistakes. They work hard around the clock, meticulously planning every single step of their cyber campaigns, aptly overpassing security teams who are already extremely busy with COVID-19 havoc and growing understaffing challenge in large organizations.

Ransomware extortion tactics, which are now successfully expanding into the cloud and IoT, are a virtually riskless and highly reliable way to make victims pay. Crypto-currencies preclude most of the investigations and provide a fairly easy way to cash out the loot. Working from home and incomplete visibility of external attack surface bring a wide spectrum of amazing opportunities for attackers. They need no 0day or expensive APT tactics, they just pick up an easy target from a myriad of low-hanging fruit.

Reportedly, a growing number of security researchers get deeply disappointed with commercial bug bounty programs, while global unemployment is bolstered by the spiralling pandemic. Hence, we should expect more talented young professionals to join cyber gangs before the end of the year. Ransomware is likewise poised to surge, becoming a predominant concern for security professionals."