{"id":4125,"date":"2021-11-18T20:34:10","date_gmt":"2021-11-18T19:34:10","guid":{"rendered":"https:\/\/partnernews.sophos.com\/en-us\/?p=4125"},"modified":"2021-11-29T20:34:53","modified_gmt":"2021-11-29T19:34:53","slug":"ukin-tech-update-revil-takedown-what-you-need-to-know","status":"publish","type":"post","link":"https:\/\/partnernews.sophos.com\/en-us\/2021\/11\/resources\/ukin-tech-update-revil-takedown-what-you-need-to-know\/","title":{"rendered":"UKIN Tech Update: REvil takedown \u2013 what you need to know"},"content":{"rendered":"<p>On 4<sup>th<\/sup> November, Romanian authorities arrested two individuals suspected of cyber-attacks using REvil ransomware. They are allegedly responsible for 5,000 infections, accounting for \u20ac500,000 in ransom payments, <a href=\"https:\/\/www.europol.europa.eu\/newsroom\/news\/five-affiliates-to-sodinokibi\/revil-unplugged\" target=\"_blank\" rel=\"noopener\">according to European law enforcement agency Europol<\/a>.<\/p>\n<p>In addition to these arrests, three further arrests were made in February, April and 2021 by authorities in South Korea against affiliates involved with REvil ransomware. Another affiliate was arrested in Europe in October. In total, the operation has resulted in seven arrests, and this is the first time they have been disclosed publicly by law enforcement.<\/p>\n<p>REvil has been one of the most notorious ransomware groups of 2021, responsible for hundreds of high-profile attacks around the world.<\/p>\n<p>Europol supported this operation, providing analytical support as well as malware and cryptocurrency analysis. The 17 countries participating in \u201cOperation GoldDust\u201d are Australia, Belgium, Canada, France, Germany, the Netherlands, Luxembourg, Norway, the Philippines, Poland, Romania, South Korea, Sweden, Switzerland, Kuwait, the United Kingdom and the United States.<\/p>\n<p>The arrests are the latest in a string of law enforcement operations targeting ransomware groups. Last month saw a Europol-led operation target 12 suspects in Ukraine and Switzerland believed to be behind LockerGoga, MegaCortex, Dharma and other ransomware attacks. It was also recently reported that law enforcement from multiple countries helped take down key elements of REvil.<\/p>\n<p>At Sophos, REvil is one of the ransomware-as-a-service (RaaS) operations we encounter frequently, and we devote significant effort to combating it. Our world-leading endpoint product, Intercept X, includes a <a href=\"https:\/\/support.sophos.com\/support\/s\/article\/KB-000036377?language=en_US\" target=\"_blank\" rel=\"noopener\">tamper protection feature<\/a> that prevents a script from disabling endpoint protection, behavioural detection rules that identify core activities associated with ransomware, and a feature called CryptoGuard that mitigates the risk of ransomware encrypting data.<\/p>\n<p>The anti-ransomware technology included in Intercept X detects malicious encryption processes and shuts them down before they can spread across your network. It protects against both file-based and master boot record ransomware.<\/p>\n<p>Any files that were encrypted are rolled back to a safe state, so your employees can continue working uninterrupted, with minimal impact on business continuity. You get detailed post-cleanup information, so you can see where the threat got in, what it touched, and when it was blocked.<\/p>\n<p>Even though ransomware has been a threat for decades, it has evolved in sophistication: operators adapt to the cybersecurity landscape to evade detection and use tactics such as coercing victims into paying. Examples of this seen by the Sophos Rapid Response team include <a href=\"https:\/\/news.sophos.com\/en-us\/2021\/10\/28\/the-top-10-ways-ransomware-operators-ramp-up-the-pressure-to-pay\/\" target=\"_blank\" rel=\"noopener\">attackers emailing or phoning a victim\u2019s employees<\/a> and telling them that their personal data has been stolen. The goal is to scare them into demanding that their employer pay the ransom.<\/p>\n<p><a href=\"https:\/\/www.sophos.com\/en-us\/products\/managed-threat-response\" target=\"_blank\" rel=\"noopener\">Sophos MTR<\/a> provides 24\/7 threat hunting, detection, and response capabilities as a fully managed service. It is delivered by an expert team who investigate suspicious activity that could lead to ransomware and neutralise incidents before they become a bigger problem. <a href=\"https:\/\/www.sophos.com\/en-us\/medialibrary\/pdfs\/factsheets\/sophos-mtr-ds.pdf\" target=\"_blank\" rel=\"noopener\">Learn more by clicking here.<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>REvil has been one of the most notorious ransomware groups of 2021, responsible for hundreds of high-profile attacks around the world. Read on to discover more and Sophos\u2019 experience with REvil.<\/p>\n","protected":false},"author":8,"featured_media":1190,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"advanced_seo_description":"","jetpack_seo_html_title":"","jetpack_seo_noindex":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[3],"tags":[16,21],"coauthors":[199],"class_list":["post-4125","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-resources","tag-technical-news","tag-threats-malware"],"jetpack_featured_media_url":"https:\/\/partnernews.sophos.com\/en-us\/wp-content\/uploads\/sites\/3\/2020\/04\/featured-image-UKI-tech-update-Partner-app-icon-1600x960-1.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/partnernews.sophos.com\/en-us\/wp-json\/wp\/v2\/posts\/4125","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/partnernews.sophos.com\/en-us\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/partnernews.sophos.com\/en-us\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/partnernews.sophos.com\/en-us\/wp-json\/wp\/v2\/users\/8"}],"replies":[{"embeddable":true,"href":"https:\/\/partnernews.sophos.com\/en-us\/wp-json\/wp\/v2\/comments?post=4125"}],"version-history":[{"count":2,"href":"https:\/\/partnernews.sophos.com\/en-us\/wp-json\/wp\/v2\/posts\/4125\/revisions"}],"predecessor-version":[{"id":4138,"href":"https:\/\/partnernews.sophos.com\/en-us\/wp-json\/wp\/v2\/posts\/4125\/revisions\/4138"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/partnernews.sophos.com\/en-us\/wp-json\/wp\/v2\/media\/1190"}],"wp:attachment":[{"href":"https:\/\/partnernews.sophos.com\/en-us\/wp-json\/wp\/v2\/media?parent=4125"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/partnernews.sophos.com\/en-us\/wp-json\/wp\/v2\/categories?post=4125"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/partnernews.sophos.com\/en-us\/wp-json\/wp\/v2\/tags?post=4125"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/partnernews.sophos.com\/en-us\/wp-json\/wp\/v2\/coauthors?post=4125"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}