REvil Affiliate Off to Jail for Multimillion-Dollar Ransomware Scheme
Charges against the ransomware gang member included damage to computers, conspiracy to commit fraud, and conspiracy to commit money laundering.
Ransomware encrypts or steals data to disrupt operations and extort victims, making backups, access controls, and incident response essential.
Search across headline titles and summaries.
Background for this topic.
Ransomware is malware used to deny access to systems or data, usually by encrypting files and demanding payment for decryption. Many operations also steal sensitive information and threaten to publish it, so an attack can create both an availability crisis and a privacy or disclosure risk. Initial access may involve phishing, stolen credentials, exposed remote services, or exploitation of unpatched vulnerabilities; attackers may then move through the network before deploying the payload.
Defenses should combine vulnerability management, phishing-resistant authentication where practical, endpoint and network monitoring, and backups that are isolated from routine administrator access and regularly tested for recovery. Organizations should also limit privileges and segment critical systems to reduce the blast radius. An incident requires rapid containment, preservation of forensic evidence, restoration from known-good backups, and assessment of notification, legal, and regulatory obligations. Threat intelligence can help identify relevant criminal infrastructure or tactics, but it does not replace sound access control, patching, detection, and recovery practices.
Charges against the ransomware gang member included damage to computers, conspiracy to commit fraud, and conspiracy to commit money laundering.
At Least 33 Ernest Health Facilities in 12 States Are Reporting BreachesA Texas-based operator of rehabilitation hospitals is facing multiple federal proposed class action lawsuits in the wake of an apparent ransomware attack that affected dozens of its facilities in several states, potentially compromising the sensitive information of more than 101,000 individuals.
The new startup’s SaaS platform claims to help organizations detect ransomware attacks faster than “traditional” methods and to recover within 24 hours.
Also: Another Ivanti Zero-Day? And FBI Calls for Strengthening DMARC PoliciesThis week, REvil hacker sentenced; ZDI saw possible Ivanti-zero-day; FBI said to strengthen DMARC policies; Okta saw surge in credential stuffing attacks; French hospital refused to pay ransom; JPMorgan, debt collection agency and healthcare company were breached; and ex-NSA employee was sentenced.
Yaroslav Vasinskyi, a Ukrainian national, was sentenced to 13 years and seven months in prison and ordered to pay $16 million in restitution for his involvement in the REvil ransomware operation. [...]
A Ukrainian national has been sentenced to more than 13 years in prison and ordered to pay $16 million in restitution for carrying out thousands of ransomware attacks and extorting victims
A US court has sentenced a Ukrainian national to 13 years and seven months in prison for his role in over 2500 ransomware attacks using the REvil strain
After extorting $700 million from thousands of victims A Ukrainian man has been sentenced to almost 14 years in prison and ordered to pay more than $16 million in restitution for his role in infecting thousands of victims with REvil ransomware.…
The Hôpital de Cannes - Simone Veil (CHC-SV) in France announced it received a ransom demand from the Lockbit 3.0 ransomware gang, saying they refuse to pay the ransom. [...]
The data from ReliaQuest also suggests LockBit faced a significant setback due to law enforcement action
Comparitech found that 18% of ransomware incidents in the US led to a lawsuit in 2023, with 59% of completed lawsuits since 2018 proving successful
Data Breach Report Lead Author Alex Pinto Discusses Top Findings, Best PracticesVerizon's 17th annual 2024 Data Breach Investigations Report highlights a troubling trend: The exploitation of vulnerabilities in the wild has tripled, primarily due to ransomware actors targeting zero-day vulnerabilities, such as the MOVEit flaw that triggered numerous data theft incidents.
Testifies that Citrix authentication snafu has cost the health giant dearly UnitedHealth CEO Andrew Witty will tell US lawmakers Wednesday the cyber-criminals who hit Change Healthcare with ransomware used stolen credentials to remotely access a Citrix portal that didn't have multi-factor authentication enabled.…
The first quarter of 2024 saw the most ransomware activity ever recorded, Corvus Insurance found in a new analysis
UnitedHealth confirms that Change Healthcare's network was breached by the BlackCat ransomware gang, who used stolen credentials to log into the company's Citrix remote access service, which did not have multi-factor authentication enabled. [...]
While most healthcare sector organizations hit with ransomware attacks never imagine giving in to extortion demands, the pressures they face in dealing with the crisis often push about half of them to pay, said attorney Lynn Sessions of BakerHostetler, speaking about the firm's healthcare clients.