What is REvil? How to respond to a ransomware attack

A ransomware gang called REvil has pulled off an audacious attack which reportedly brought down more than one million systems and resulted in demands for payments totalling $70 million.

The Russia-linked group is alleged to have breached the systems of a US-based software company called Kaseya.

It then launched a supply chain attack which affected organisations in 17 different countries. Individual companies were asked to pay up to $5 million, before REvil said it would stop the entire hack for $70 million in Bitcoin.

The incident was so huge it prompted the FBI to warn that it couldn’t possibly deal with every company involved. “Due to the potential scale of this incident, the FBI and CISA may be unable to respond to each victim individually, but all information we receive will be useful in countering this threat,” it wrote.

Organisations have been urged to shut down their VSA servers, the software Kaseya customers use to manage their digital infrastructure.

So what happens if your company becomes a victim?

Here are a few tips on how to respond to a ransomware attack.


Should I pay the ransom?

The answer to this is clear: no.

Firstly, you’re dealing with a crime gang. There’s no guarantee that it will just take the money and everything will snap back to normal. If it has stolen your data, you might not get it back. If you’ve been the victim of double extortion, in which data is stolen, exfiltrated and then ransomed, there’s even less chance of seeing the data again once a payment is made.

The best form of attack is defence. Nowhere is this cliché truer than in cybersecurity.


How to Protect Your Business Against Ransomware

There are best-practice steps that can be taken to dramatically reduce the chance of that dreaded demand screen appearing on your company’s computers:

1) Ensure your antivirus is up to date

This is a simple piece of advice, but one that people continue to forget. Antivirus is not going to completely solve the problem – it is based on known signatures, so new types of malware (which are constantly being developed) will likely slip through the cracks.

However, you don’t want to be caught out by known malware, and ensuring your AV is installed and updated across all endpoints works as an effective first line of defence against many ransomware strains.

2) Patch your software

Again, this seems fairly obvious, but a worldwide apathy towards patching is effectively what allowed the WannaCry attack to cause the devastation it did.

While employees may think updating their applications is time consuming and disruptive (admit it, how many times have you clicked ‘no’ on a Windows or Apple notification to download the latest software?), it is necessary to fix system bugs and vulnerabilities.

The IT department’s struggle is how to enforce company-wide updates. But the simple fact is that failing to update means leaving your business open to cyber-attacks.

3) Educate your employees

Educating your employees is crucial. Staff should know what to do in the face of potential cyber-attacks.

Questions such as ‘do I know this sender?’, ‘did I order this product?’ and ‘is it safe for me to click this link?’ must be at the forefront of all employees’ minds.

Your business is your staff, and increased security knowledge will be a huge help in preventing you from falling victim to a ransomware attack.

4) Filter email servers

Many ransomware attacks use much simpler infiltration methods, relying on poor security practices. One of the most common ways that ransomware (and malware generally) reaches victims is through email phishing campaigns.

While employee education is important, it can only go so far – sooner or later someone will slip up and click a dodgy link if the proper protections are not in place.

To lower the risk of malware entering your organisation’s inbox and infiltrating your network, you should use software that blocks executable content. Stop these emails, and you’ll massively reduce the risk of a cyber-attack.
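As an added illustration of the "block executable content" control above (example code written for this article, not software from Kaseya or any vendor), the following Python check parses a raw e-mail and flags attachments that carry an executable extension anywhere in the filename, or that start with the Windows PE header despite a harmless-looking name. The extension list is an assumption, not an official or complete one, and the helper builds a constructed sample message so the check can be run offline.

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions that rarely have a legitimate reason to arrive by e-mail.
# Assumption: a representative block list for illustration, not a complete one.
BLOCKED_EXTENSIONS = {
    ".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".jse",
    ".vbs", ".vbe", ".wsf", ".hta", ".ps1", ".msi", ".dll", ".cpl", ".lnk",
}
# Windows PE executables begin with "MZ"; this catches a renamed binary.
PE_MAGIC = b"MZ"


def suspicious_attachments(raw_message: bytes) -> list:
    """Return (filename, reason) pairs for attachments a mail filter should block."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        payload = part.get_payload(decode=True) or b""
        # Inspect every suffix so "invoice.pdf.exe" is caught by ".exe"
        # and not waved through because it ends in a familiar-looking name.
        suffixes = ["." + s for s in name.split(".")[1:]]
        if any(s in BLOCKED_EXTENSIONS for s in suffixes):
            findings.append((name, "blocked extension"))
        elif payload.startswith(PE_MAGIC):
            findings.append((name, "PE header despite benign extension"))
    return findings


def build_message(attachments) -> bytes:
    """Constructed test helper: attachments is a list of (filename, bytes)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Your order"
    msg.set_content("Please see attached.")
    for filename, data in attachments:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=filename)
    return msg.as_bytes()
```

A real gateway would also open archives and check content types, but the two checks above already stop the most common phishing lure: a double-extension executable posing as a document.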

5) Limit employee access to company data and dangerous online content

Again, this is about limiting the opportunity for your employees to put your company at risk. Does everyone in your company have access to everything on your organisation’s system? If so, is that really necessary? Limiting staff access will go a long way to reducing the threat surface.

6) Secure the cloud

Cloud applications have brought a great deal of benefits to organisations, but also many potential points of vulnerability. Cloud-only malware is on the rise, and has a completely different modus operandi to traditional malware. To combat this emerging threat, organisations need to establish visibility and control over their cloud applications and begin to treat them in the same way they’d treat email: scanning for malware and acting swiftly to quarantine threats.
