The REvil ransomware group has demanded $500,000 from Managed.com, a web hosting provider. On Monday, Managed.com announced a cyberattack on its network.
REvil's intrusion caused enough damage that Managed.com took its servers and web hosting systems offline. At the time of publication, Managed.com's website was not accessible.
REvil infected Managed.com's customer sites and public-facing web hosting systems, and a number of customer sites had their data encrypted. This is concerning because it usually means the encrypted data has also been exfiltrated, and REvil's playbook typically involves publishing that data on its blog or forums. It is not yet clear when Managed.com will be able to restore operations, which takes a heavy toll on its business.
REvil ransomware, also known as Sodinokibi, has been active since last April and demands large ransoms from organizations. REvil is a prominent Ransomware-as-a-Service (RaaS) operation in which affiliates obtain the working code and spread the malware to different machines. In this incident, Managed.com has been given a deadline to pay for the decryption tool; if they do not pay REvil by that date, the price to have their systems restored and decrypted will double.
REvil's code is flexible and can do the following once inside an environment:
- Exploit the CVE-2018-8453 vulnerability
- Terminate blacklisted processes before encryption
- Destroy contents of blacklisted folders
- Encrypt non-whitelisted files and folders
- Exfiltrate basic host information
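As an added example (not part of the original post, and not code from the ShadowSpear product), the following Python script shows one way a defender can detect the encryption behaviour in the list above: it watches per-process file-rename telemetry for a burst of document files whose extensions are replaced with an unrecognized one, which is what "encrypt non-whitelisted files" looks like on disk. The event format, the extension allowlist, the process names, paths and timestamps are all constructed for this example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime
from pathlib import PureWindowsPath

# Assumed allowlist: extensions that normally appear on user documents. A rename
# that swaps one of these for an unknown extension is the on-disk signature of
# file encryption by ransomware (REvil appends a per-victim random extension).
EXPECTED_EXTENSIONS = {".docx", ".xlsx", ".pptx", ".pdf", ".txt", ".jpg", ".png", ".bak"}

# Constructed telemetry format: "<iso-ts> <pid> <image> <OP> <path>[ -> <new path>]".
# One benign Explorer rename, one backup tool writing .bak files (allowlisted),
# and one unknown binary in %TEMP% renaming six documents in five seconds.
SAMPLE_EVENTS = r"""
2021-01-04T09:00:01 4120 C:\Windows\explorer.exe RENAME C:\Users\a\report.docx -> C:\Users\a\report-final.docx
2021-01-04T09:00:01 2200 C:\Tools\backup.exe RENAME C:\Share\plan.docx -> C:\Share\plan.docx.bak
2021-01-04T09:00:02 7788 C:\Users\a\AppData\Local\Temp\svc.exe RENAME C:\Share\q1.xlsx -> C:\Share\q1.xlsx.k7f1x
2021-01-04T09:00:03 7788 C:\Users\a\AppData\Local\Temp\svc.exe RENAME C:\Share\q2.xlsx -> C:\Share\q2.xlsx.k7f1x
2021-01-04T09:00:03 7788 C:\Users\a\AppData\Local\Temp\svc.exe RENAME C:\Share\budget.pdf -> C:\Share\budget.pdf.k7f1x
2021-01-04T09:00:04 7788 C:\Users\a\AppData\Local\Temp\svc.exe RENAME C:\Share\notes.txt -> C:\Share\notes.txt.k7f1x
2021-01-04T09:00:05 7788 C:\Users\a\AppData\Local\Temp\svc.exe RENAME C:\Share\deck.pptx -> C:\Share\deck.pptx.k7f1x
2021-01-04T09:00:06 7788 C:\Users\a\AppData\Local\Temp\svc.exe RENAME C:\Share\logo.png -> C:\Share\logo.png.k7f1x
2021-01-04T09:00:07 7788 C:\Users\a\AppData\Local\Temp\svc.exe DELETE C:\Backups\nightly.zip
"""

EVENT_RE = re.compile(
    r"^(?P<ts>\S+) (?P<pid>\d+) (?P<image>\S+) (?P<op>[A-Z]+) "
    r"(?P<src>.+?)(?: -> (?P<dst>.+))?$"
)


def parse_events(text):
    """Parse telemetry lines into dicts; malformed lines are skipped, not fatal."""
    events = []
    for line in text.strip().splitlines():
        m = EVENT_RE.match(line)
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.fromisoformat(ev["ts"])
        ev["pid"] = int(ev["pid"])
        events.append(ev)
    return events


def is_suspicious_rename(ev):
    """True when a known document extension is replaced by an unknown one."""
    if ev.get("op") != "RENAME" or not ev.get("dst"):
        return False
    src_ext = PureWindowsPath(ev["src"]).suffix.lower()
    dst_ext = PureWindowsPath(ev["dst"]).suffix.lower()
    return src_ext in EXPECTED_EXTENSIONS and dst_ext not in EXPECTED_EXTENSIONS


def detect_encryption_bursts(text, window_seconds=10, threshold=5):
    """Alert once per process that performs >= threshold suspicious renames
    inside a sliding window of window_seconds. Returns a list of alert dicts."""
    alerts = []
    recent = defaultdict(deque)  # pid -> timestamps of suspicious renames in window
    alerted = set()
    for ev in sorted(parse_events(text), key=lambda e: e["ts"]):
        if not is_suspicious_rename(ev):
            continue
        q = recent[ev["pid"]]
        q.append(ev["ts"])
        while (ev["ts"] - q[0]).total_seconds() > window_seconds:
            q.popleft()
        if len(q) >= threshold and ev["pid"] not in alerted:
            alerted.add(ev["pid"])
            alerts.append({
                "pid": ev["pid"],
                "image": ev["image"],
                "renames_in_window": len(q),
                "first_seen": q[0].isoformat(),
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_encryption_bursts(SAMPLE_EVENTS):
        print(f"ALERT pid={alert['pid']} image={alert['image']} "
              f"renames={alert['renames_in_window']} since={alert['first_seen']}")
```

The allowlist keeps a legitimate backup job that writes `.bak` files from tripping the rule, and the per-process window means a single user renaming one file never counts. An EDR product would feed this same logic from live file-system events and could automatically suspend the offending process; here it only reports.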
These tips will help you avoid falling victim to a cyberattack:
- Patch often
- Disable RDP
- Enable email filters
- Back up files
- Quarantine mission-critical systems and data
Ransomware attacks will not cease, so our engineers constantly plan protection for organizations and use our EDR platform, ShadowSpear®, to maximize an organization's security. Network defenders should apply these strategies and tools to avoid falling victim to malicious threat groups such as REvil, though defense usually begins with non-technical end users, who must understand the importance of cyber awareness. Once your employees are aware of the potential threats, a trusted Endpoint Detection and Response (EDR) tool raises your network's protection to an even higher level.
Our cybersecurity professionals are always on alert for malware and manipulative programs, building cases on the threat groups and actors they encounter daily. Our 24/7 Security Operations Center (SOC) is staffed with certified security engineers who monitor and protect your environment.
Not only are they continuously preventing cyberattacks, but they can also deploy ShadowSpear® in your environment before or after an attack.