June 2, 2021 | 2 minute read
According to reports, meatpacking giant JBS was hit with a serious attack reportedly involving REvil ransomware, shutting down a good portion of the company’s production capabilities and threatening to create supply chain disruptions and sharp cost of goods increases.
Back in April of 2019, the Cybereason Nocturnus team first encountered and analyzed a new type of ransomware dubbed REvil (aka Sodinokibi, Sodin), a notoriously aggressive and highly evasive threat that takes many measures to maintain obfuscation and prevent detection by security tools.
The Cybereason Defense Platform has been proven to detect and block REvil ransomware since the strain emerged in 2019, and continues to allow defenders to protect their organizations from this evolving threat:
The Cybereason Defense Platform Detects and Blocks REvil Ransomware
The sample tested in the video was uploaded to VirusTotal on June 2, 2021:
Cybereason AI-based NGAV solution prevents the execution of the REvil ransomware
Cybereason Anti-Ransomware technology detects and blocks REvil
Over time, REvil has become the largest ransomware cartel in operation to date. Subsequent attacks attributed to the REvil gang include a March 2021 attack against the Taiwanese multinational electronics corporation Acer, where the assailants demanded a record-breaking $50 million ransom.
In April, the REvil gang attempted to extort Apple following an attack against one of the tech giant’s business partners, demanding a $50 million ransom and threatening to raise the demand to $100 million and to release the exfiltrated data should the payment not be made promptly.
The REvil ransomware gang has previously been connected to the authors of the prolific GandCrab ransomware, which was retired in June 2019. GandCrab was responsible for 40% of all ransomware infections globally. If the association is accurate, GandCrab gives a good indication of just how impactful REvil may become.
Much like the DarkSide ransomware gang that struck Colonial Pipeline in early May, the REvil gang follows the double extortion trend, in which the threat actors first exfiltrate sensitive information stored on a victim’s systems before launching the encryption routine.
After the ransomware encrypts the target’s data and issues the ransom demand for payment in exchange for the decryption key, the threat actors make the additional threat of publishing the exfiltrated data online should the target refuse to make the ransom payment.
This means the target still faces the prospect of having to pay the ransom even if it maintained data backups as a precaution, which underscores the need for a prevention-first security posture.
The best ransomware defense for organizations is to prevent the infection in the first place. Organizations need visibility into the subtler Indicators of Behavior (IOBs) that allow a ransomware attack to be detected and blocked at its earliest stages.
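As an added illustration of the double-extortion sequence described above (exfiltration first, then an encryption burst), the following Python sketch correlates the two stages per host over constructed telemetry. It is not Cybereason's code or part of the original post; the host names, event fields, file extensions and thresholds are assumptions chosen for the example. A bulk outbound transfer on its own is deliberately not flagged, since a nightly backup produces the same signal; an encryption-style rename burst is flagged on its own, and raised to high severity when a large outbound transfer preceded it.

```python
"""Toy correlation of exfiltration followed by an encryption burst.

Constructed example: all events, names and thresholds are assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta

EXFIL_BYTES = 500_000_000          # assumed: 500 MB outbound within EXFIL_WINDOW
EXFIL_WINDOW = timedelta(hours=1)
RENAME_BURST = 20                  # assumed: 20 renames to one new extension within RENAME_WINDOW
RENAME_WINDOW = timedelta(minutes=10)
MAX_LAG = timedelta(hours=6)       # assumed: encryption burst must start within 6 h after exfil


def _t(s):
    return datetime.fromisoformat(s)


def _burst_renames(host, start, count, ext, step_seconds=5):
    """Build `count` constructed rename events on `host` to extension `ext`."""
    t0 = _t(start)
    return [(t0 + timedelta(seconds=i * step_seconds), host, "file_rename",
             f"doc{i:03d}.docx.{ext}") for i in range(count)]


# Constructed sample telemetry: (time, host, event type, detail).
# net_out detail = bytes sent to an external address; file_rename detail = new name.
SAMPLE_EVENTS = (
    [(_t("2021-06-01T01:00:00"), "erp-01", "net_out", 300_000_000),
     (_t("2021-06-01T01:20:00"), "erp-01", "net_out", 400_000_000),
     (_t("2021-06-01T03:00:00"), "backup-01", "net_out", 5_000_000_000),  # backup job only
     (_t("2021-06-01T04:00:00"), "dev-07", "file_rename", "main.c.bak")]   # single rename
    + _burst_renames("erp-01", "2021-06-01T02:10:00", 25, "lock9a")       # exfil then encrypt
    + _burst_renames("fs-02", "2021-06-01T05:00:00", 30, "crypt")         # encrypt, no exfil seen
)


def first_exfil_time(net_events):
    """Time at which trailing-window outbound bytes first reach EXFIL_BYTES, else None."""
    window, total = [], 0
    for t, n in sorted(net_events):
        window.append((t, n))
        total += n
        while window and t - window[0][0] > EXFIL_WINDOW:
            total -= window.pop(0)[1]
        if total >= EXFIL_BYTES:
            return t
    return None


def first_rename_burst(rename_events):
    """(start time, extension) of the earliest burst of RENAME_BURST renames to one extension."""
    by_ext = defaultdict(list)
    for t, name in rename_events:
        if "." in name:
            by_ext[name.rsplit(".", 1)[1]].append(t)
    candidates = []
    for ext, times in by_ext.items():
        times.sort()
        for i in range(len(times) - RENAME_BURST + 1):
            if times[i + RENAME_BURST - 1] - times[i] <= RENAME_WINDOW:
                candidates.append((times[i], ext))
                break
    return min(candidates) if candidates else None


def detect_double_extortion(events):
    """Return {host: finding} for hosts showing an encryption-style rename burst."""
    per_host = defaultdict(lambda: {"net": [], "ren": []})
    for t, host, kind, detail in events:
        if kind == "net_out":
            per_host[host]["net"].append((t, detail))
        elif kind == "file_rename":
            per_host[host]["ren"].append((t, detail))
    findings = {}
    for host, ev in per_host.items():
        burst = first_rename_burst(ev["ren"])
        if burst is None:
            continue  # bulk outbound alone is not flagged: backups look the same
        burst_at, ext = burst
        exfil = first_exfil_time(ev["net"])
        if exfil is not None and timedelta(0) <= burst_at - exfil <= MAX_LAG:
            severity = "high"    # exfiltration then encryption: double-extortion pattern
        else:
            severity = "medium"  # encryption burst without an observed exfil stage
        findings[host] = {"severity": severity, "extension": ext,
                          "burst_at": burst_at, "exfil_at": exfil}
    return findings


if __name__ == "__main__":
    for host, f in sorted(detect_double_extortion(SAMPLE_EVENTS).items()):
        print(host, f["severity"], f["extension"], f["burst_at"], f["exfil_at"])
```

In real telemetry the outbound-bytes and rename events would come from network and file-system sensors, and the thresholds would be tuned per environment; the point of the sketch is that the ordering of the two stages, not either signal alone, is what distinguishes the pattern.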
Cybereason delivers fearless ransomware protection via multi-layered prevention, detection and response, including:
Cybereason is dedicated to teaming with defenders to end cyber attacks from endpoints to the enterprise to everywhere - including modern ransomware. Learn more about ransomware defense here or schedule a demo today to learn how your organization can benefit from an operation-centric approach to security.
The Cybereason Security Team champions cyber defenders by providing future-ready attack protection that unifies security from the endpoint, to the enterprise, to everywhere the battle moves. The Cybereason Defense Platform combines the industry’s top-rated detection and response (EDR and XDR), next-gen anti-virus (NGAV), and proactive threat hunting to deliver context-rich analysis of every element of a Malop (malicious operation). The result: defenders can end cyber attacks from endpoints to everywhere.