REvil Ransomware Targeted Sanitary Components Supplier

REvil Ransomware (aka Sodinokibi), a sophisticated file-encrypting windows strain distributed with the Ransomware-as-a-Service (RaaS) model, is reportedly hitting organizations and demanding large ransoms to provide the decryption key to unlock infected files.

Targeted organizations

While attacking the organizations, the malware operators encrypted data files and demanded a ransom in cryptocurrency in return of the digital key to unlock the infected systems. If not paid, they would dump and auction the data online.

A known attack vector - exploitation of an unpatched vulnerability

The operators of REvil ransomware mainly leverage an arbitrary file read vulnerability (CVE-2019-11510) to distribute REvil ransomware and extort large organizations.
  • In May 2020, REvil ransomware targeted Grubman Shire Meiselas & Sacks, through an unpatched Pulse Secure VPN server.
  • In January 2020, cybercriminals infected foreign exchange company Travelex with REvil malware using the same known vulnerability.
  • Last year, the attackers targeted a range of companies using the same attack vector.

Security recommendations

Users should keep the operating system, applications, and browsers patched with the latest updates to prevent the exploitation of known vulnerabilities. Use a trusted anti-virus and web security software solution on connected devices including desktop and mobile, Mobile. Users should perform a regular backup of critical and sensitive data.