Last week, the sites associated with the Russian hacking group REvil disappeared from the dark web. This represented a rare positive step in the fight against ransomware, which REvil deployed in two of the biggest cyberattacks of 2021: the attack on meat processing conglomerate JBS and the worldwide July 4th incident that stole the data of thousands of businesses around the world.
The group’s public-facing “happy blog,” which listed victims of ransomware, was taken down, along with custom websites that the group used to negotiate with the businesses it had attacked. The question now is who or what is responsible for the disappearance of REvil’s online presence.
Could it be credited to American President Joe Biden’s demand of Russian President Vladimir Putin that he take action to stop the attacks? Could the United States Cyber Command be responsible, acting on the U.S. government’s declaration of ransomware attacks as a serious threat to national security? Or could it be attributed to REvil itself, which some security experts suspect could have eliminated its own online presence to avoid the attention of law enforcement agencies?
The latter theory has happened before: in May, another Russia-based group, Darkside, deployed a ransomware attack on Colonial Pipeline that led to gas shortages up and down the East Coast of the United States. Weeks later, Darkside publicly announced that it was going out of business because it hadn’t intended to attack public infrastructure.
For the thousands of businesses that have been impacted by ransomware recently, the dismantling of REvil’s web presence provides only a small measure of relief. Those who were still negotiating with REvil to try to retrieve their encrypted data were left in a particularly harmful lurch: unable even to pay a ransom to retrieve their stolen data and return their businesses to normal operations.
1. Proactive network security that deploys multiple layers of protection, prevention, monitoring, incident response, and event management for all devices
2. Comprehensive data backups that create multiple copies of critical information
3. Clear plans for rapidly recovering that backed-up data if an attack occurs
4. Security awareness training for every employee of your business so they know how to identify user-based cyber threats
One of the most important methods to prevent a ransomware attack is to make sure all machines and operating systems are updated—especially when new vulnerabilities are identified. With the help of a trusted IT provider, this process can be automated to run in the background, ensuring your computers stay safe and your employees don’t have their day-to-day work disrupted. This layer has become even more important as scammers and hackers have started sending out fake update notifications that appear to come from trusted companies like Microsoft. At CMIT Solutions, we vet and approve all patches and updates before they’re deployed on your computers.
This layer of security allows your business to fine-tune its Internet access policies by IP address, limiting entry to websites that pose a risk to your network. DNS filtering is a simple yet effective way to deter everyday web usage from becoming a serious security threat by whitelisting safe websites and blacklisting dangerous ones, reducing the likelihood of network infection, and monitoring and analyzing web traffic to provide real-time protection.
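To make the whitelisting/blacklisting logic described above concrete, here is a small policy evaluator written for this article; it is an added example, not CMIT Solutions’ own tooling or any particular DNS filtering product. It reads constructed DNS query log lines (the format, client addresses and domain names are all made up for the example) and decides allow or block for each query. A listed domain also covers its subdomains, blocklist entries win over allowlist entries (so an explicitly blocked host under an otherwise allowed parent stays blocked), and anything unlisted falls to a configurable default policy, which is the real design decision in a DNS filter: default-deny is safer but noisier, default-allow is quieter but lets unknown domains through.

```python
"""DNS filtering policy evaluator (added example, not CMIT's code).

Classifies DNS queries from constructed log lines against an allowlist and
a blocklist using parent-domain (suffix) matching, so a listed domain also
covers its subdomains. The blocklist is checked first, so it takes
precedence; unlisted names fall to the default policy.
"""
from collections import Counter

# Constructed sample policy: these lists are hypothetical, not real threat data.
BLOCKLIST = {"malicious-downloads.example", "tracker.example.net"}
ALLOWLIST = {"corp.example.com", "update.microsoft.com", "example.net"}

# Constructed sample query log, one query per line: "<time> <client-ip> <name>"
SAMPLE_LOG = """\
09:00:01 10.0.0.12 intranet.corp.example.com
09:00:02 10.0.0.12 cdn.malicious-downloads.example
09:00:03 10.0.0.40 update.microsoft.com
09:00:04 10.0.0.40 news.example.org
09:00:05 10.0.0.51 www.example.net
09:00:06 10.0.0.51 pixel.tracker.example.net
garbage
"""


def normalize(name):
    """Lower-case and strip a trailing dot so 'Example.COM.' equals 'example.com'."""
    return name.strip().lower().rstrip(".")


def matches(name, domain_set):
    """True if name equals a listed domain or is a subdomain of one."""
    labels = normalize(name).split(".")
    # Walk from the full name up through each parent domain.
    for i in range(len(labels)):
        if ".".join(labels[i:]) in domain_set:
            return True
    return False


def decide(name, blocklist=BLOCKLIST, allowlist=ALLOWLIST, default="block"):
    """Return 'block' or 'allow' for a queried name.

    The blocklist is consulted first, so tracker.example.net stays blocked
    even though its parent example.net is on the allowlist.
    """
    if matches(name, blocklist):
        return "block"
    if matches(name, allowlist):
        return "allow"
    return default


def parse_log_line(line):
    """Parse '<time> <client-ip> <name>'; returns a tuple or None if malformed."""
    parts = line.split()
    if len(parts) != 3:
        return None
    return parts[0], parts[1], parts[2]


def evaluate_log(text, default="block"):
    """Return (decisions, summary): one verdict per query and counts per action."""
    decisions = []
    summary = Counter()
    for line in text.splitlines():
        parsed = parse_log_line(line)
        if parsed is None:
            continue  # skip malformed lines rather than guessing
        ts, ip, name = parsed
        action = decide(name, default=default)
        decisions.append((ts, ip, normalize(name), action))
        summary[action] += 1
    return decisions, summary


if __name__ == "__main__":
    decisions, summary = evaluate_log(SAMPLE_LOG)
    for ts, ip, name, action in decisions:
        print(f"{ts} {ip:<10} {action:<5} {name}")
    print(dict(summary))
```

Running it with the constructed log blocks the download host, the unlisted news site (default-deny) and the tracker nested under the allowed parent, while the intranet, vendor update and plain example.net queries are allowed; passing `default="allow"` to `evaluate_log` shows how much a default-allow policy lets through on the same traffic.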
In the past, users were encouraged not to open ANY attachments or click on ANY links, especially in suspicious-looking emails. Instead of placing that responsibility entirely on employees, though, advanced email filtering adds an automated component to these critical actions. Attachments and links are placed in a “sandbox” so they can be tested before they are delivered to your users’ inboxes, and links are automatically tested for legitimacy. Illicit messages can still sneak through, which is where human-based security intelligence comes into play. But email filtering adds another layer of security.
As always, these three advanced tactics still can’t provide 100% protection. Determined hackers can typically figure out how to elude any protection layers, which is why it’s so important to work with a trusted IT provider who can deploy further detection layers to keep your business safe.
At CMIT Solutions, we go above and beyond the call of duty to protect the data, devices, and digital identities of you and your employees. As ransomware evolves and hackers test new attempts at network infection and data compromise, our 800+ technicians located across North America stay ahead of the curve by working 24/7 to deploy new protections and devise new strategies for IT success.
If you want to take the next steps to protect your business from ransomware, contact CMIT Solutions today.