REvil ransomware that was used in another incident investigated by Sophos. It was successfully deployed against JBS, which paid $11 million for the decryption key.
The ransomware gang managed to encrypt data on some of the unprotected devices. They also deleted online backups when they noticed the investigators were working on the case.
A ransom note was left by REvil on one of the few encrypted devices. The cybercriminals wanted $2.5 million in bitcoin for a decryption key.
Naturally, in this case, no ransom was paid. The company had already discovered the planted software. And the cybercriminals were stopped in their tracks when cybersecurity experts were called in.
Issues with Remote Access
The fact remains that attackers managed to gain enough control of the network to install software on over 100 machines. The company did discover the attack just in time. But it was close.
Paul Jacobs, the incident response lead at Sophos, explains why the targeted company didn’t notice what was happening on their network sooner.