The hackers demanded $50 million (previously $70 million) in exchange for the information they received. This ransomware attack has been named the largest ever. The alleged culprit is the Russian cybercriminal organization REvil.
Despite its fame, no one really knows what REvil is, what it is capable of, or why it does what it does, other than the immediate benefit it receives in the form of huge sums of money. In addition, large-scale distributed networks are often involved in ransomware attacks, so there is no certainty that the people involved know each other.
Ransomware attacks are on the rise and ransom demands are reshaping the internet. Understanding these groups and their goals is critical to defeating them.
5 Most Dangerous Cybercriminal Organizations
Below is a list of the five most dangerous criminal organizations operating on the Internet. To our knowledge, no government supports or sponsors these fraudulent groups.
1. DarkSide
DarkSide is the group that launched a ransomware attack on Colonial Pipeline in May that shut down the fuel distribution network in the United States, raising fears of a gasoline shortage. Apparently, this group first appeared in August last year. It targets large companies that would suffer from service outages, which matters because such companies are more likely to pay the ransom.
Such companies are also usually insured against cybercrime, which means easy profits for criminals. DarkSide’s business model is to provide extortion services. In other words, they carry out ransomware attacks on behalf of other, hidden criminals in order to reduce their own responsibility. The criminal and the attacker then share the profits.
Cybercriminal groups also provide training through forums for those looking to improve their cybercrime skills. This may include training on how to combine DDoS attacks and ransomware to apply pressure during negotiations.
2. REvil Group
The REvil group, which develops ransomware as a service, is now in the spotlight due to the Kaseya case and the recent attack on international meat processing company JBS. The group was especially active in 2020-2021.
In April, REvil stole technical information about Apple’s as-yet-unreleased products from Quanta Computer, a Taiwanese company that assembles Apple laptops. To prevent disclosure of the stolen data, a ransom of $50 million was demanded. It is not yet known whether this amount was paid.
3. Clop
The Clop Group specializes in “double extortion”. This means that organizations are first asked to pay a ransom for the key that restores the organization’s access to its data. However, victims then have to pay extra money to prevent the disclosure of the stolen information.
Examples show that organizations that have paid the ransom once are more likely to pay it again in the future. That is why hackers try to attack the same organizations over and over again and each time they demand more and more money.
4. Syrian Electronic Army
The Syrian Electronic Army is not your typical cybercriminal group, but it has been conducting cyberattacks since 2011 to promote political propaganda. That is why it is called a hacktivist group.
Although this group is associated with the Bashar al-Assad regime, it is most likely made up of online supporters who are trying to help the Syrian army. Their method is to spread fake news through reputable sources. In 2013, one tweet sent by them from the official account of the world’s leading news agency, The Associated Press, caused a stock market drop worth billions.
The Syrian Electronic Army takes advantage of the fact that most internet users interpret and respond to content on the basis of trust. They are a good example of the fact that the boundaries between criminal and terrorist groups on the Internet are not as clear as in the physical world.
5. FIN7
If this list had a “supervillain”, it would be FIN7. FIN7 is the second group here to operate from Russia and is arguably the most successful cybercriminal organization in history. It has been operating since 2012 and operates mainly as a business.
Many of its operations have gone unnoticed for years. The hackers use cross-attack scenarios in which a single hack serves more than one purpose. For example, it can facilitate ransomware blackmail and at the same time allow an attacker to use information against victims, for example by reselling it to a third party.
In 2017, it was alleged that FIN7 was behind the attack on companies that report to the US Securities and Exchange Commission. Confidential information was used to obtain the ransom.
In this way, the groups made huge amounts of money by trading confidential information. Insider trading, made possible by hacker attacks, lasted for years, so the exact amount of financial damage cannot be calculated. However, it is estimated to have exceeded $1 billion.