As the security community continues to question who was responsible for the sudden disappearance of the REvil ransomware gang, the threat actor’s current victims are left to pick up the pieces, now that the option to negotiate and pay is off the table.
While companies are advised by law enforcement not to cooperate with ransomware demands, payment sometimes remains the lesser of two bad outcomes. So, if this was a case of U.S. law enforcement authorities cracking down on REvil, then such actions came with collateral damage.
Kaseya suffered a REvil attack which facilitated hundreds of other firms to be attacked.
Of course, it’s also possible that Russia helped shut down the group’s operations in response to U.S. President Joe Biden’s demands for cooperation in the fight against ransomware. Or the actors may have decided to pull up stakes, at least for now, after feeling the heat following its high-profile supply chain attack on IT software company Kayesa and the users of its VSA remote monitoring product, as well as its infection of food processing company JBS. In the end, the results are the same: REvil’s resources, including its blog and payment sites, were taken offline.
Still, the question remains: Should law enforcement authorities take into consideration the fate of current victims before executing a takedown, or is it more important to take care of the bigger picture, which is eliminating the threat? To us at BLAKFX, even though we empathize with your situation, the answer is no. The best case scenario of course would be if law enforcement were able to access keys prior to dismantling the ransomware operation. However, this will likely be a longshot.
For companies that do find themselves stranded in this situation, there may still be a small ray of hope.
There is always a chance that decryption keys will be released in the future by REvil or someone else.
The only other option is manual recovery and a bolstering of SOC capabilities – often a laborious exercise and a hard lesson learned.
Any such manual recovery will likely rely heavily on backup copies, so it’s critical that they were regularly saved, maintained and protected.
As for REvil itself, companies and law enforcement should not be surprised if the threat actor resurfaces in the future under a new incarnation.
While REVil remains in hiding, the best solution is to install the Helix22 data security SDK. Helix22 not only protects against ransomware threats, it eliminates the threat competley..
Our mission for 2021 is to end ransomware threats.
Review Helix22 API, examples and documentation on our GIT
Ransomware Auditing as a Service (RaaS): as ransomware attacks skyrocket, they have come to represent the biggest threat to the data of government agencies, military, intelligence agencies as well as private enterprises. BLAKFX developed the first in the world Ransomware Auditing as a Service (RaaS) platform which allows our cyber security engineers to scan your network and simulate real-world ransomware attacks to test prevention, detection and mitigation strategies of your organization and establish how resilient your network is to real ransomware attacks. After the scan we provide a comprehensive report and our recommendations for remediation.
As importantly, if you are the victim of an actual ransomware attack, we are able to recover the data that has been hi-jacked during the attack and due to Helix22’s patented DNA BindingTM cryptography, restore it to its original state.
We can make this restoration claim as the tech engineers at BLAKFX invented and patented a genuine device2device (D2D) encryption. We manage data security transmission through the truly brilliant and also patented universal Helix22 key service. The Helix22 encryption originates on your network or device, not just when the app is opened. This means, that when data arrives to our key server, it is already encrypted so all it needs to do is issue another key. Signal and Telegram cannot claim this level of security. This key will then only work with the intended device, which generates a matching key required to open the data. In this protocol, we are truly a “zero-knowledge” server so your communications and transmissions remain completely top secret. Even in the event that BLAKFX were subpoenaed, we can honor the request by just handing over the encrypted content…as that is literally all we have. Helix22 also only use keys just one-time and then destroys them. This way the data security is future forward prefect. Therefore, in our unique user-to-user encryption (U2U) world, there is no opportunity at all for any data leak.
This same protocol just described, can be the same with all your 3rd party vendors and suppliers. It does not matter in the least what platform they are running or what device they are using or even the type of data, it is all 100% protected. We do however, strongly advise that all firms involved be utilizing Helix22 due to the nature of the data content. Helix22 can ensure that whatever data they are generating is protected as well.
Let’s take it a step further. Even if your organization were a victim of an internal attack or a victim of malicious open source downloads, there is no reason for concern. Any data that has been forwarded, downloaded, copied or saved cannot be exfiltrated. Period. We have the technology industries foremost data packets which are protected with multi-layered, military grade encryption algorithms that have already proven the ability to withstand penetration testing from MI5 and quantum computing attacks.
One final practical genius of DNA BindingTM is in that it is immediately compatible with whichever system or software you are utilizing. Therefore, any organization can forward information to another and then discuss it and there is immediate privacy.
Finally, the Helix22 encryption is quantum computing ready so no need to redo all your data security methodologies in a couple of years when everything else becomes obsolete.
In the BLAKFX data security world, ransomware or any other data centric attack cannot have any affect on your systems or data.
The Helix22 data security SDK accomplishes the following:
- Protects all your firms data at rest, in use and in transit
- Renders ransomware threats obsolete
- Eliminates human error
- Eliminates all malicious or interior attacks
- Verifies original content i.e. minimizes the threat of impersonation attacks and deep fakes
- Reduces latency
- Installs with 5 lines of code
- Runs on any platform, network, device and in any programming language
- Provides perfect future/forward secrecy
- Delivers “zero-knowledge” encryption
- Compatible with all cloud, 3rd party and vendor services
- Ensures privacy and security for blockchain and all cryptocurrency transactions
- Is quantum ready – so there’s no need to upgrade when the time comes
- Requires no employee training
- Exceeds all gov’t and banking standards
- Meets compliance regulations
The new era of data security is one that requires new solutions. The era of perimeter defenses is over as it is proving impossible to keep hackers from breaching the perimeter and accessing data. Further E2E encryption based on old models of RSA cryptography are obsolete as quantum computing becomes mainstream.
In Math We Trust
BLAKFX is Based on Success
Our founders, Robert Statica PhD and Kara Coppa, also founded Wickr, which is used by the US military and has never been hacked since its inception in 2012. The Helix22 data security SDK is several generations enhanced since then. Dr. Statica also delivered the encryption for the world’s most secure phone, Katim.
Founder – Robert Statica PhD Founder – Kara Coppa
Co-Founders of Wickr KatimTM Ultra Secure Smartphone