It’s financial earnings season for tech… and that appears to include ransomware operators, as the REvil ransomware gang has claimed they made more than $100 million in one year. Their anonymous representative indicates that they plan to make $2 billion from their ransomware service. Per reporting in Bleeping Computer, they have diversified their business, moving from victims paying to unlock files to stealing data and threatening leaks, and this method has proven to be so lucrative that REvil makes more money from not publishing stolen data than from decryption ransom.
The representative says that one in three victims are willing to pay the ransom to prevent the leaking of company data, and that this could be the next step. REvil is also thinking about leveraging distributed denial-of-service attacks to increase their odds of getting paid in an effort to force victims to start or restart negotiating a payment. They are borrowing this idea from the SunCrypt ransomware.
Meanwhile, and unrelated, the Maze gang is shutting down operations. The group, known for their double-extortion tactic of both encrypting the data and also threatening to release it, was confirmed by Bleeping Computer to be in the process of closing. Notably, they intend to release a press release to confirm their closure, and their affiliates are moving over to a new operation.
Why do we care?
Think about the business strategy going on here. Diversification of revenue. Company lifecycle management. Affiliate programs and building a distribution channel. Financial management. PR campaigns.
I don’t think we give enough credit to the other side in this fight, as they are well organized crime organizations.
Two reasons here I care. First, are you briefing your customers on this threat? If they don’t understand the enemy, will they take them seriously?
Second, that education drives the thinking of those legislatures. If you made this physical, you’d be terrified of the armed gangs. More importantly, government leaders are wising up.
Source: Bleeping Computer