Largest Ransomware Gang Disappeared

Geek Speak

In July, one of the largest ransomware gangs disappeared without any explanation. The ransomware gang REvil is known for its recent attacks on Kaseya and JBS, and for approximately 42% of all recent attacks. It is unclear why the group's online footprint just disappeared; however, there is speculation on whether the US took action, whether the Russian government shut it down, or whether it disappeared for other reasons. Join Michael and Ken as they give us the scoop on the recent disappearance.

 


 

Video Transcription

Harry Brelsford  0:07 

Hey SMB Nation Harry here back with the Dream Team Michael Jenkin out of Perth, Australia, Ken Dwight out of Houston, Texas. Welcome, gentlemen. How you doing?

Ken Dwight  0:19 

Great, but I'll let Michael correct you on what part of Australia he's in.

Michael Jenkin  0:23 

I could I could take her drive 18 to 20 hours that away and I could go to Perth, but now I'm in Adelaide. So I can't say sunny or bright Adelaide or say dreary, wet, cold, unusually wet Adelaide. But yes, welcome, Harry. We're here.

Harry Brelsford  0:41 

All right, my bad, my bad. Well, I'll tell you what, we want to talk about ransomware families shutting down, but actually just changing identities, multiple times in some cases. You guys turned me on to an interesting article on this. And Krebs on Security. So start with you, Ken, what's the basic story? What's going on here?

Ken  1:05 

Well, the basic story is that, as you know, there have been some very high profile ransomware incidents. And they're pretty quickly attributed to a particular ransomware group that created the malware in the first place. And a couple of the most recent ones everybody heard about were the Colonial Pipeline, and the JBS meat packers, and most recently, the Kaseya breach. And each one of those, as part of the early analysis that was revealed, well, this is the REvil attack or Sodinokibi, or it's BitPaymer, DoppelPaymer. And before long, in fact, there've been several cases now, where these ransomware creators have just disappeared. And their dark web sites and their bitcoin wallet and everything, they've just gone away. And so when this first happened, there was kind of a collective sigh of relief that, whoa, they must have made enough money and decided to get out of the business before the cops come after them or whatever. But then within a day or two, it turns out that the same people that did that particular one had reincarnated under a different name. But the analysts who go through the code, they disassemble and reverse engineer, recognized the fingerprints of this particular ransomware. And, yes, it might have a different name now. But this technique they're using and this encryption method and this whatever, whatever, whatever, they can say, with a high degree of certainty, it's the same people under this name now that were under that other name last week.

Harry Brelsford  2:46 

So interesting. Interesting. Michael, over to you, thoughts?

Michael Jenkin  2:50 

Yeah, look, it's like a hot potato. Nobody wants to hold a hot potato in their hand, the ransomware writers become the hot potato. And everyone's attention sort of points towards them, they become big in the media, they do something very large. And suddenly, there's people after them. And they really enjoy making their money. And they don't want to be found. And they don't want to be in a perpetual, I guess, running around trying to duck and hide, and we've, so they've become a hot potato. And the easiest way to get rid of that hot potato, change the name, make the focus look elsewhere, deny that as you move on. That way, if something happens, you can't be blamed for that other stuff. At the same time as doing that, they've also hit a few high profile places that probably doesn't sit well with people, like hospitals and things like that. And of course, they want to disassociate themselves from, I guess, being evil, and as a business, and as soon as they get associated with having done the wrong thing. And we know ransomware is the wrong thing. But targeting things they shouldn't be targeting. The best way to move on is to change your name. And of course, it's also a great way to release a whole brand new Tor website, and whole brand new different technologies and I guess up oneself from the previous incarnation. So I do see them as that hot potato, they've become a little hot. So there's come up with a brand new, fantastic name, and let's just go do it all again. But under our brand new umbrella, whoever we are now. And that's what they've done.

Harry Brelsford  4:24 

Yeah, by analogy. And I can't out-engineer you guys, but I'll give you a real world. There's some the by analogy, I used to always joke as a Seattle entrepreneur forming SMB Nation. If the feathers hit the facts, I could be in Bozeman, Montana by Monday, and recreate myself with a new identity, right? Nope, no one would know who I am. I could recreate my line of work and so it's, it's a well worn path. Fortunately, I didn't have to drive away in the middle of the night and do that, but by analogy, I think that's the conversation we're having.

Ken Dwight  5:06 

Yeah, yeah. And especially with the political heat that's been turned up on these recent attacks. And, of course, our politicians are good at figuring out how they can get their names on the news and make all kinds of threats from whatever. So there's still a lot of things we don't know about what went on behind the scenes with these recent attacks. And what, if any, government officials or agencies were involved, but things that are beyond our pay grade, probably.

Harry Brelsford  5:37 

Yeah, yeah. No, I like that phrase, too. Well, shout out again to Krebs on Security, folks. Be sure to bookmark that. And then, finally, so Michael, you're in your winter, what is a winter day? And thank you for the correction, Adelaide, Australia. What is a winter day? I mean, in Fahrenheit, is it 50s, 60s in the Fahrenheit, maybe have a jumper or a sweater in the back of the car?

Michael Jenkin  6:05 

Yeah, okay. I'm not very good with Fahrenheit. Celsius, I can tell you, okay, but it ranges across Australia. So, for example, there's a place in the Riverland that I had to do some work a couple of weeks ago. And that was minus four Celsius. Oh, it's a minus number, but it's not as bad as the numbers you guys have. And it can get as high as 10 or 11 degrees Celsius. So it's not super cold. But it's cold enough that we recognize it because we also have 40, 44 degrees Celsius, which is over 100, 110 Fahrenheit. I do know that number. Because yeah, it comes up a lot here in Australia. But yes, we do get quite warm here. So it's covered probably more of the change between the seasons. It's so dramatic. Yeah, you are going from wanting to basically bathe in ice through to stand in your oven. Quite dramatically different. And to be honest, this year has been very overcast, very wet, very cold compared to previous years. A lot of storm cells, we've even had, probably three times within about two weeks, tornadoes here in South Australia, which is something historically we don't get. So this winter has been very unusual, which they're blaming on the water patterns in the ocean and how it's going around at the moment and distributing heat and everything else. But I suspect you're experiencing that a bit in Texas as well with the wetter than average. I think that's all part of it, all wrapped up together. Yeah.

Harry Brelsford  7:40 

Yeah. The part of town I live in, the central part of Texas, and coldest winter in 14, summer, summer in 14 years and ahead of plan on rain. How about you, Ken, you're down in Houston. And I know the heat has now arrived. What are your thoughts? And we'll call it good.

Ken Dwight  7:57 

Yeah, we were typical summer, we had a week or two that it was maybe five degrees cooler for the high. Meaning it only got up to the high 80s instead of the low to mid 90s for the highs. So yeah. It was still summer in Houston. And humid hasn't changed.

Harry Brelsford  8:17 

All right. Well, guys, we'll see you next time. Thanks for your time.

Ken Dwight  8:20 

All right. Thank you, Harry, Michael, Jenny. Good seeing you all.

Michael Jenkin  8:24 

Have a great day. Bye bye.