VMWare (VMW.N) head of cybersecurity strategy Tom Kellermann said law enforcement and intelligence personnel stopped the group from victimizing additional companies.

"The FBI, in conjunction with Cyber Command, the Secret Service and like-minded countries, have truly engaged in significant disruptive actions against these groups," said Kellermann, an adviser to the U.S. Secret Service on cybercrime investigations. "REvil was top of the list."

A leadership figure known as "0_neday," who had helped restart the group's operations after an earlier shutdown, said REvil's servers had been hacked by an unnamed party.

"The server was compromised, and they were looking for me," 0_neday wrote last weekend in a post on a cybercrime forum that was first spotted by security firm Recorded Future.

U.S. government attempts to stop REvil, one of the worst of dozens of ransomware gangs that work with hackers to penetrate and paralyze companies around the world, accelerated after the group compromised U.S. software management company Kaseya in July.

That breach opened access to hundreds of Kaseya's customers all at once, leading to numerous emergency cyber incident response calls.

DECRYPTION KEY

Following the attack on Kaseya, the FBI obtained a universal decryption key that allowed those infected via Kaseya to recover their files without paying a ransom.

But law enforcement officials initially withheld the key for weeks as they quietly pursued REvil's staff, the FBI later acknowledged.

According to three people familiar with the matter, law enforcement and intelligence cyber specialists were able to hack REvil's computer network infrastructure, obtaining control of at least some of their servers.

After websites that the hacker group used to conduct business went offline in July, the main spokesman for the group, who calls himself "Unknown," vanished from the internet.

When gang member 0_neday and others restored those websites from a backup last month, he unknowingly restarted some internal systems that were already controlled by law enforcement.

"The REvil ransomware gang restored the infrastructure from the backups under the assumption that they had not been compromised," said Oleg Skulkin, deputy head of the forensics lab at the Russian-led security company Group-IB. "Ironically, the gang's own favorite tactic of compromising the backups was turned against them."

Reliable backups are one of the most important defenses against ransomware attacks, but they must be kept unconnected from the main networks or they too can be encrypted by extortionists such as REvil.

A spokesperson for the White House National Security Council declined to comment on the operation specifically.

"Broadly speaking, we are undertaking a whole of government ransomware effort, including disruption of ransomware infrastructure and actors, working with the private sector to modernize our defenses, and building an international coalition to hold countries who harbor ransom actors accountable," the person said.

One person familiar with the events said that a foreign partner of the U.S. government carried out the hacking operation that penetrated REvil's computer architecture.