REvil Ransomware

SpearTip | June 24th, 2021

Avaddon handed over the decryption keys and retired, and Clop ransomware affiliates were arrested, but REvil has remained very active amidst global pressure from law enforcement.

REvil Remains A Global Threat

On Tuesday, Grupo Fleury’s website displayed a message explaining that the company had been hit by a cyber attack and that its systems were not functioning. “Please be advised that our systems are currently unavailable and that we are prioritizing the restoration of services,” the alert read. “The causes of this unavailability originated from the attempted external attack on our systems, which are having operations reestablished with all the resources and technical efforts for the rapid standardization of our services.” Analysis of retrieved samples points to REvil as the group responsible for the attack on Grupo Fleury.

REvil, also known as Sodinokibi, has performed attacks on high-profile organizations such as JBS, the world’s largest meat producer, Sol Oriens, a nuclear weapons contractor, and a Brazilian court system.

REvil affiliates usually gain initial access through phishing emails that ask the recipient to download a document and then “enable content”, which allows the document’s embedded macros to run. Once the macros execute, the operators have a foothold in the environment; from there they steal data, encrypt files, and demand a ransom. Payment is demanded in exchange for the decryption keys that unlock the files on the victim machines and for a promise that the stolen data will be deleted.
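Because the lure depends on a macro-enabled Office document reaching a user, one cheap control is to inspect attachments at the mail gateway for a VBA project rather than trusting the file extension. The script below is an added example written for this article, not SpearTip’s or ShadowSpear’s code. It parses a raw email, opens each attachment, and looks for the `vbaProject.bin` member that Word, Excel and PowerPoint OOXML packages use to store macros, flagging separately the case where a macro document has been renamed to a harmless-looking `.docx`. Legacy OLE2 files (`.doc`, `.xls`) are only identified by their magic bytes and handed off for deeper inspection, since their macro storage needs an OLE parser. The email and all attachments are constructed inline as test data; the sender and recipient addresses are placeholders.

```python
import io
import zipfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Zip members where OOXML documents store VBA macro code (Word, Excel, PowerPoint).
VBA_PARTS = ("word/vbaProject.bin", "xl/vbaProject.bin", "ppt/vbaProject.bin")
# Extensions that are supposed to carry macros; a VBA project behind any other extension is suspicious.
MACRO_EXTENSIONS = (".docm", ".dotm", ".xlsm", ".xltm", ".xlam", ".pptm", ".potm", ".ppam")
# Magic bytes of legacy OLE2 compound files (.doc/.xls/.ppt); macros in those need an OLE parser.
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"


def classify_attachment(filename: str, data: bytes) -> str:
    """Classify one attachment by looking inside it, not at its extension.

    Returns one of:
      'macro'         - OOXML package containing a VBA project, with a macro-enabled extension
      'macro-renamed' - OOXML package containing a VBA project, disguised with another extension
      'ole-legacy'    - legacy binary Office format; hand to an OLE parser (e.g. oletools)
      'clean'         - OOXML package without a VBA project
      'not-office'    - anything else
    """
    if data.startswith(OLE2_MAGIC):
        return "ole-legacy"
    if not data.startswith(b"PK\x03\x04"):
        return "not-office"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            names = set(archive.namelist())
    except zipfile.BadZipFile:
        return "not-office"
    if "[Content_Types].xml" not in names:
        return "not-office"  # a zip archive, but not an OOXML package
    if not any(part in names for part in VBA_PARTS):
        return "clean"
    if filename.lower().endswith(MACRO_EXTENSIONS):
        return "macro"
    return "macro-renamed"


def triage_message(raw: bytes) -> dict:
    """Parse a raw RFC 5322 message and classify every attachment it carries."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    verdicts = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "<unnamed>"
        verdicts[name] = classify_attachment(name, part.get_payload(decode=True))
    return verdicts


# --- constructed sample data (not real malware samples) ---

def build_ooxml(parts: dict) -> bytes:
    """Build a minimal OOXML-style zip package containing the given members."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as archive:
        archive.writestr("[Content_Types].xml", '<?xml version="1.0"?><Types/>')
        for name, content in parts.items():
            archive.writestr(name, content)
    return buf.getvalue()


def build_sample_message() -> bytes:
    """Construct a phishing-style email with four attachments of differing risk."""
    macro_doc = build_ooxml({"word/document.xml": "<w:document/>", "word/vbaProject.bin": b"\x00vba"})
    plain_doc = build_ooxml({"word/document.xml": "<w:document/>"})
    msg = EmailMessage()
    msg["From"] = "accounts@example.invalid"   # placeholder sender
    msg["To"] = "finance@example.invalid"      # placeholder recipient
    msg["Subject"] = "Overdue invoice - please review"
    msg.set_content("Please open the attached document and enable content to view the invoice.")
    msg.add_attachment(macro_doc, maintype="application",
                       subtype="vnd.ms-word.document.macroEnabled.12", filename="invoice.docm")
    msg.add_attachment(macro_doc, maintype="application",
                       subtype="octet-stream", filename="invoice.docx")  # same macro file, renamed
    msg.add_attachment(plain_doc, maintype="application",
                       subtype="vnd.openxmlformats-officedocument.wordprocessingml.document", filename="report.docx")
    msg.add_attachment(OLE2_MAGIC + b"\x00" * 64, maintype="application",
                       subtype="msword", filename="old.doc")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, verdict in triage_message(build_sample_message()).items():
        print(f"{name:15} {verdict}")
```

The `macro-renamed` verdict is the one worth alerting on loudest: Word still honours the VBA project inside a renamed file, so an extension-based filter passes it while a content check does not. In a real gateway the `ole-legacy` case should be routed to a proper OLE parser rather than allowed through, and an `.html` or `.lnk` attachment (both also used in macro-free phishing) still lands in `not-office` and needs its own rules.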

REvil operators have not slowed their attack frequency during a period when some groups appear to be retreating in the face of increased global pressure. Organizations must remain vigilant in defending against these threats: even when ransomware attacks as a whole may be in decline, groups like REvil will fill the gap left by defunct ones. If you are not actively working to improve your network security, you will miss critical vulnerabilities, and threat actors will take advantage of them.

SpearTip’s Security Operations Center as a Service (SOCaaS) operates 24/7/365 to defend partners’ environments. While you are asleep or away for the weekend, threat actors are probing for vulnerabilities. Our engineers stop these threats before they can infect your machines with the help of our proprietary endpoint detection and response tool, ShadowSpear®. ShadowSpear® blocks malicious ransomware executables from running on your machines while our engineers monitor activity behind the scenes. Human oversight of these activities is crucial for responding to threats and protecting your organization’s most critical asset, its data. Our Incident Response capabilities allow us to respond to intrusions in less than 15 minutes, reclaim networks in 6 hours, and completely restore operations in under 36 hours.

SpearTip’s cyber experts continuously monitor environments 24/7 in our US-based Security Operations Center. Our certified engineers work in unison with our proprietary endpoint detection and response tool, ShadowSpear®. This allows your organization to have direct communication with our engineers at any moment and a completely transparent view of your risk profile.

If you think your organization has been breached, call our Security Operations Center at 833.997.7327.
