May 16, 2022
Many companies have stared down cyber crime organizations like REvil, DarkSide and BlackMatter only to see them disappear overnight. Being attacked, having systems and terabytes of data held hostage, and facing huge ransom demands for the keys to unlock the files is a company’s worst technology nightmare. It’s bad enough to be the victim of a ransomware attack, but what happens when a victim company has no bad guy to pay – and therefore no bad guy to provide a decryption key? What was the purpose of the attack?
In years of leading cyber investigations, I’ve seen ransomware gangs go dark for a number of reasons, including infighting; fear of law enforcement or the intelligence community; partner activity that threatens the organization; and heightened media attention. In a few cases, government agencies have neutered gangs by infiltrating them and taking control of their servers. These operations lead to law enforcement takedowns of the members, dismantling of the infrastructure and recovery of the decryption keys, which are then used to unlock victims’ files.
In other cases, groups simply went dark out of fear of being caught and criminally prosecuted. Finally, there are groups that lack the ability to follow through and decrypt the victim’s data at all; these gangs hope victims will pay before the ruse is discovered. Once the money is in their account, they disappear, leaving the victim with neither its cash nor its data.
The threat of getting caught, though, isn’t enough to scare off ambitious hackers. All too often, members of dismantled groups escape arrest and prosecution, joining up with others to form new gangs or striking out on their own to provide “crowd-sourced” hacking services for hire. They can also get the band back together – and in some cases do – starting up again under a different name.
Not long after launching a major supply chain attack in July 2021, REvil went dark. The group’s infrastructure, including its surface web and DarkWeb portals (used for ransom negotiations and data leaks), was shut down on July 12. Before this, REvil was one of the most prolific, high-profile ransomware gangs in the world, operating on a ransomware-as-a-service model in which the group rents its code to affiliates who carry out the intrusions.
REvil’s vanishing act stands out because it came as a shock, believed to be driven by media attention and by U.S. government actions taken in response to the May 2021 Colonial Pipeline attack. It was also unusual because there was no prior notice or statement on either the mainstream web or the DarkWeb, and, unlike other defunct ransomware gangs, REvil did not release a master decryption key before seeping into the ether.
What isn’t shocking to me is REvil’s reemergence after the Russian government’s alleged arrests of members in January 2022. Assuming these actually occurred – not a safe assumption, by any means – it would be folly to believe the hackers are still in custody given the Russian invasion of Ukraine, the economy-crushing sanctions imposed by the United States and its Western allies, and the current state of U.S.-Russia relations. Furthermore, the lackluster history of law enforcement against cyber actors within Russia’s borders suggests that REvil’s reemergence and new look are directly tied to the war in Ukraine. As the Russian economy founders, Russian state threat actors and their proxies – most notably REvil and Conti – will use their ransomware tools to help fund the Russian regime and the war in Ukraine.
Unfortunately, ransomware continues to be profitable, at the expense of companies public and private, large and small, in every industry. Enterprises must understand the cyber threat environment and be truly honest about the vulnerabilities within their ecosystem; they must secure their data and ecosystems; and they must combine these internal actions with serious intelligence-based public and private partnerships.
Only then will ransomware groups cease to be a threat.