The world is potentially waking up as a safer place this Monday, as media reports filter in of the arrest of the prolific cyber extortionist gang, REvil over the weekend. The arrest of a cybercriminal group is not partically news worthy however, the REvil arrest is exceptional for a number of reasons, most specifically because it occurred on Russian soil, enacted by Russian law enforcement and most strikingly trigger by US intelligence.
This rare moment of cooperation is a momentous occasion for the cyber world and a surprising development, given the Russian authorities historical inaction towards cyber criminals active within Russian territory but confining their targeting to Western victims.
REvil are somewhat of a poster child for cyber extortion gangs having historically netted millions of dollars in ransom payments as well as achieving some historically significant attacks such as the compromise and shutdown of Colonial Pipeline in the United State in 2021. Although effectively going offline after the Colonial Pipeline attack, REvil have occasionally resurfaced and been linked to other successor groups such as the Blackmatter gang. In a time when people were fighting a pandemic, this gang used the opportunity to cause additional suffering.
REvil’s Impact on the Supply Chain
With a modus operandi of deliberately targeting third parties within an organisation’s wider supply chain, groups such as REvil are have widened their impact significantly over the past two years, as the vulnerabilities of our highly interconnected society becomes apparent. The impact of supply chain targeting can be seen with case studies as diverse as the JBS S.A. attack by REvil in 2021, which caused a shutdown of all the company’s U.S. beef plants and disrupted operations at its poultry and pork plants. Outside of the farming/ logistics sector the attack on Kaseya VRM an organisation active in the software manufacturing sector, highlights how groups like REvil impact across multiple sectors and their attached supply chains.
Cyber Extortion post REvil
REvil may be gone but, this isn’t the end of ransomware or cyber-attacks on third-partys. Unfortunately, the departure of REvil has merely created a gap for a new generation of cyber criminals to fill the void. With cyber extortion being a multi-billion-pound industry there will always be those looking to step into the shoes of historical cyber criminals.
Given the dependence on businesses on third-party supplier their will be a natural increase in the attack surface of the business. And as the reliance on third-parties is likely to increase so is the risk to the business. As with every other area of business risk, there are things business can put in place to minimise risk. Within this context we recommend that every organisation should consider using our automated Third-Party Risk Management (TPRM) software, Horizon, to give businesses an understanding of their supplier’s risk and cyber posture.
This continuous monitoring of your third parties will quickly help identify potential areas for cyber criminals to exploit and prevent you becoming a victim to a group similar to REvil.