REvil Ransomware Gang Returns — Experts to Ensure Recovery by Protecting Backup Data

September 2021 by Jim McGann from CyberSense

As revealed this week, the cyber gang "REvil" has reactivated its negotiation portal for victims, signalling a return to attacks. In response, security experts are warning organizations to strengthen their defenses, especially around the DR/backup data that will be needed to recover from such an event.

“REvil is intent on ceasing business operations and extracting exorbitant ransoms to recover. Their method of shutting down business operations is to encrypt or corrupt critical infrastructure like Active Directory, or product databases or key user content and intellectual property. This is their target. The best thing companies can do is to continually check the integrity of this content, make sure it is reliable and has not been tampered with.”

“Organizations have relied on their disaster recovery software to restore their environment after a crushing cyber-attack. REvil knows this and is focused on making this process more challenging. This includes corrupting or encrypting content or even backup images to have a severe impact on the recovery process. We have seen many weeks or months of backups being corrupted, which often comes as a surprise to the organization. The only way to ensure reliable recovery is to continually check the integrity of the backup data; this will allow for a confident and rapid recovery process.”