REvil Threat Actor Group Executes Two New Attacks
Ransomware threat actor group REvil seems to have pulled off two new successful attacks, according to reports. The first of the two latest victims of the hackers is a fashion clothing company called French Connection that markets its products under the cheeky FCUK branding, as it's based in the United Kingdom. The second victim is located in South America and is a Brazilian medical company called Grupo Fleury.
REvil, which is also the entity operating the infamous Sodinokibi ransomware that has been around for a few years now, breached French Connection's backend servers and exfiltrated personal information related to the company's high-ranking executives.
Threatpost reported on the incident, citing British publication The Register, and noted that the hackers displayed scans of the French Connection executives' personal ID cards as proof of their successful attack.
French Connection published a statement disclosing the intrusion and said that the company has "no evidence" that the bad actors were able to access any customer information. As expected, the company cut off affected systems from the larger network immediately after it found out about the breach and then hired external help to fix the situation.
The attack on the Brazilian medical company took place on June 22 and, as of the next day, the company stated that it was still working towards restoring normal operations. The statement about the attack was made available by a Rio de Janeiro online publication.
The attack on the medical company is easy to explain, because if the hackers managed to get their hands on patient data and testing results, they could easily extort money in order not to leak it online. The situation with French Connection, however, is more interesting. There doesn't seem to have been any big ransom demand here, or at least it doesn't seem likely, given what the hackers decided to show as proof of their attack. The shift towards targeting high-ranking individuals and not the corporate databases of a company is an interesting one.
Threatpost further quoted security expert Dirk Schrader, who brought up a very interesting new term - 'ransomware fatigue'. The implication was that this type of ransomware attack, and announcements of yet another victim of REvil, the DarkSide group or some other threat actor group, have become so frequent that both companies and the IT security community are starting to become a bit apathetic to it all.
REvil Ransomware Cybercrooks Launch New Attacks on Hundreds of Businesses During July 4th Holiday
The REvil Ransomware attacks were discovered on Friday, July 2nd, right after REvil hackers used a software update to attack Kaseya’s remote desktop services. The attack prompted the company to shut down its SaaS servers to protect customer data. The precautionary measures taken potentially reduced the dire consequences of the attack. Other companies attacked may not have been so lucky, as ransomware threats like REvil lock data through encryption and leave some organizations no other choice but to pay a substantial ransom fee, potentially in the millions of dollars, to get their data back.