REvil hacking group says it has made more than $100m in a year

Gang behind Travelex hack says it hopes to earn $2 billion from ransomware as a service

Hackers behind the REvil ransomware have claimed to have made more than $100 million in one year from extorting large businesses.

Not satisfied with their ill-gotten wealth, the group wants to make $2 billion with its ransomware as a service business, a representative for the hacking group told a Russian tech blog, as reported by Bleeping Computer.

Russian blog OSNIT claims to have interviewed the REvil representative, who uses the aliases "UNKN" or "Unknown" on criminal forums, discussing some of the group's activities and its plans for the future.

The gang, which were first spotted in early 2019, operates an as-a-service model, where it supplies and manages file-encrypting malware to paying customers. For every successful ransomware attack using this service, the REvil group takes a cut of around 20-30%.

Customers are alleged to have success attacking airports, charities, and businesses across the globe over the past year. Attacks on law firm Grubman Shire Meiselas and Sacks in May, where large volumes of client data, most of which belonged to celebrities, was accessed.

However, the group's most high-profile attack was that against Travelex in January, which crippled its services for most of the year and is considered to be one of the reasons why the company went into administration in August.

According to Unknown, attackers using REvil ransomware took just three minutes to breach Travelex's systems by exploiting a vulnerability in Pulse Secure VPN. This, they said, was left unpatched for months despite a fix being available.

REvil, which is short for 'Evil Ransomware', have used their stolen wealth to search for new distributors by depositing $1 million in bitcoin on a Russian forum. The move is designed to highlight how much profit can be made from ransomware in a bid to find "new blood" in the profession, according to Unknown.

Related Resource

2020 Cyber Threat Intelligence (CTI) survey

How to measure the effectiveness of your CTI programme

Download now

The group initially made its money from encrypting files, including any backups, in an attempt to get victims to pay for its release. However, stealing and threatening to leak data on the web has proven to be a far more lucrative tactic over the last year, with companies more fearful of reputational damage than the financial cost. According to Unknown, this is now a primary tactic of the REvil group.

As for future activities, it was also claimed that affiliates have hit the network of a "major gaming company", which the group will reveal "soon".

Featured Resources

Four cyber security essentials that your board of directors wants to know

The insights to help you deliver what they need

Download now

Data: A resource much too valuable to leave unprotected

Protect your data to protect your company

Download now

Improving cyber security for remote working

13 recommendations for security from any location

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

Recommended

Best ransomware removal tools
Security

Best ransomware removal tools

17 Nov 2020
What are biometrics?
Security

What are biometrics?

27 Nov 2020
Black Friday's best antivirus deals
Security

Black Friday's best antivirus deals

27 Nov 2020
Veritas Access Appliance with IBM Spectrum® Protect
Server & storage

Veritas Access Appliance with IBM Spectrum® Protect

27 Nov 2020

Most Popular

46 million Animal Jam accounts leaked after comms software breach
Security

46 million Animal Jam accounts leaked after comms software breach

13 Nov 2020
macOS Big Sur is bricking some older MacBooks
operating systems

macOS Big Sur is bricking some older MacBooks

16 Nov 2020
Huawei Mate 40 Pro 5G review: A tragically brilliant Mate
Mobile Phones

Huawei Mate 40 Pro 5G review: A tragically brilliant Mate

26 Nov 2020