Ransomware gangs rattled after FBI pushback

REvil has a bad day and some ransomware gangs get spooked

The psychology of ransomware gangs is an interesting one. No one truly believes they’re a villain in their own story.

But within the internet sphere, there’s a startling amount of self-imposed nobility about the questionable antics of its users, specifically because malware operators target the faceless corporate market, and I suppose there is a sensation of vigilantism in that. Look, I have no feigned love for billion-dollar enterprises doing what they can to dodge taxes and hoard wealth, but I’m not foolish enough to believe ransomware is somehow “sticking it to the man” in a way that’s actually effective.

That’s probably why certain ransomware gangs were downright rattled by pushback from the FBI, or at the least made aware they were no longer free to do what they want. It’s clear that facing even a degree of consequences has put some volatile ransomware gangs on the defensive.

This comes after news that the FBI managed to take down one of the most notorious ransomware gangs, REvil (or “takedown” here meaning disrupt operations, at least).

Flipping the switch on REvil

In a joint effort across several countries, REvil’s operations were taken offline for an indeterminate amount of time. If you need a refresher, these are the culprits behind the Colonial Pipeline and JBS attacks, both against critical infrastructure. “Happy Blog,” where they published leaked data, is currently offline.

It’s a big first step in swinging the pendulum right back at vicious ransomware gangs, who have gone largely uncontested for well over a year. In that time, ransomware gangs have targeted everything from major infrastructure to smaller city networks, personal systems, and even hospitals. As I’ve talked about before on Bytagig, ransomware gangs are not noble; they’re culprits and opportunists who will target anyone to make a quick buck. They blatantly ignore the human cost and who it actually affects (it’s not the big cigar-smoking corporate avatars, by the way), while simultaneously fueling the rise of cryptocurrency scams and schemes.

The full linked report is a recommended read, as it details how REvil’s servers were secretly compromised and monitored, eventually leading to control over the gang’s own infrastructure. Recommended, because those techniques are similar to ransomware-style attacks, and it’s admittedly satisfying to have the switch flipped. As Oleg Skulkin put it: “Ironically, the gang’s own favorite tactic of compromising the backups was turned against them.”

The response

Caught with their hand in the cookie jar, some ransomware gangs played the victim, as culprits of this nature are wont to do. Conti, of all groups, had the sheer audacity to claim victimization, considering the gang routinely targets hospital networks, exploiting the chaos caused by COVID-19 for easier gains.

Here is the direct quote:

“First, an attack against some servers, which the U.S. security attributes to REvil, is another reminder of what we all know: the unilateral, extraterritorial, and bandit-mugging behavior of the United States in world affairs,” the group wrote. “With all the endless talks in your media about “ransomware-is-bad,” we would like to point out the biggest ransomware group of all time: your Federal Government.”

It’s a cute combination of chan-board rhetoric and whataboutism if I ever saw one, tacking on a concept that has nothing to do with ransomware at all. If you want to have discussions about US imperialism, pick a different forum and don a different career than digital vulture, buddy.

Regardless of your opinion on nations using their power for influence in the global sphere of politics, you can’t shift the goalposts. It is what it is: ransomware gangs are criminals that actively engage in criminal activity and indiscriminately target businesses for profit. Ordinary people are hurt and have their lives upturned, causing stress, fear, anxiety, and financial duress. The fact that the likes of Conti probably delude themselves into thinking they’re taking “the fight” to some undefined bastion of western corruption really seals the deal.

As a kicker, defining the Federal Government as “ransomware” (whatever that’s supposed to mean) doesn’t really help their argument. That would imply ransomware is still bad, so that doesn’t make them innocent, does it?

Examining the response

“You mean there are consequences to my actions!?” is really the takeaway here. It’s astonishing, actually. I’d rather ransomware gangs be honest about their pursuits instead of trying to define themselves as some clandestine group of noble internet freedom fighters. But as I said in the beginning, there is a surreal sense of nobility. Some of these gangs really do see themselves as some bizarre variation of Robin Hood.

Does this mean ransomware gangs will finally get the picture and run off? Of course not. They will likely be emboldened and continue their criminal efforts. However, they will at least think twice. The gravy train is over, boys; you’re no longer able to ransack businesses and prey on innocent people without a reaction.

While the response to these attacks has been slow, it’s coming down like a sledgehammer. If nothing else, I really do hope we get more angry responses from ransomware gangs, if only to watch them spin how they’re the ones who are the real victims, you guys. Really.

-Douglas James
