Guest Jon DiMaggio, Chief Security Strategist at Analyst1, joins Dave Bittner to discuss his team's research "A History of REvil" that chronicles the rise and fall of REvil. The REvil gang is an organized criminal enterprise based primarily out of Russia that runs a Ransomware as a Service (RaaS) operation. The core members of the gang reside and operate out of Russia. REvil leverages hackers for hire, known as affiliates, to conduct the breach, steal victim data, delete backups, and infect victim systems with ransomware for a share of the profits. Affiliates primarily stem across eastern Europe, though a small percentage operate outside that region. In return, the core gang maintains and provides the ransomware payload, hosts the victim data leak/auction site, facilitates victim communication and payment services, and distributes the decryption key. In simpler terms, the core gang are the service provider and persona behind the operation, while the affiliates are the hired muscle facilitating attacks. Jon walks us through the team's findings and details REvil's story.
The research can be found here:
A History of REvil