Being REvil pays. Here’s how it affects your organization.

Cyber Ransom and Extortion has been excellent business for organizations like REvil (also known as Sodinokibi) for the past three years. In the first half of 2021, the group extorted an average payment of $2.25 million from recorded cyber attacks. The group's early career involved distributing malicious advertising and malware tools and quickly expanded into an elite cyber extortion organization whose trademark involves delivering debilitating attacks against businesses and governments worldwide.

If your initial impression of an organization like REvil is one of hooded hackers in a small dorm room playing pranks, think again. Increasingly, organizations like REvil are well-organized, syndicated crime groups with hundreds if not thousands of participants. Moreover, their recent moves to providing ransomware as a Service (RaaS) to less technically sophisticated hackers worldwide have expanded their reach and potential harm beyond easily identified and targeted large organizations to much smaller unknowns.

Today, every company must consider its liabilities internally and externally in the event of an attack:

1. What would happen if every single file inside the organization is irretrievable for a short time or forever?

2. What happens if sensitive emails (legal, C-level, board, finance, security) are accessed?

3. What if sensitive client or partner information is exfiltrated?

4. What if personal information on employees is used to target them in a personal attack?

5. What if any of the sensitive information above is leaked onto the open Internet?

6. Is there individual legal liability for Company management (as a result of the attack itself, or their inability or unwillingness to prevent it?)

7. What will the reputational damage to the company, leadership, municipality, or brand be?

While larger organizations may have access to resources that enable them to limit exposure, last Friday, we witnessed what may be the most significant ransomware attack in history, targeting some 800 to 1,500 businesses around the world. Rest assured, some of the smaller companies attacked will fail to survive (according to CyberCrime magazine, in 2019, some 60% of small companies close within six months of being hacked).

Even today, the attitude persists that organizations can "slip under the radar" and remain safe from being targeted by hackers if they are small or stealthy. But, with automated bots working tirelessly around the clock, searching for vulnerabilities in every system across the Internet, and an increasing number of bad actors needing only to license Ransomware-as-a-Service to devastate unwitting victims, we are only at the beginning of a long and protracted war.

The only question is whether your organization will become one of the early casualties of that war or survive another day.