Earlier this year, Russian law enforcement arrested 14 members of the notorious REvil ransomware gang and dismantled their networks. It seemed like a successful takedown.
But now REvil–or someone claiming to be REvil–is back. (This surprises absolutely nobody in the information security field.)
Early activity of this REvil resurgence was limited to promoting a data leak site, but it escalated quickly. REvil claimed to have stolen data from Apple supplier Quanta Computer, including schematics for Apple products that have not yet been released. REvil demanded a $50 million ransom–from Apple, not Quanta.
This article predicts more such attacks, because third-party suppliers are attractive targets. They may have smaller security budgets and fewer resources than corporate giants like Apple, but they can still be troves of valuable proprietary information.
Suppliers often sell to multiple customers. Quanta “also supplies Dell, HP, and other large tech companies,” so REvil may be able to extort multiple high-value targets from a single successful attack. Defenders need to ask themselves what sensitive data may exist beyond the network perimeter.
Welcome to the era in which nobody gets to ignore the information security vulnerabilities of their supply chain–and an era in which your most successful customers will be paying increasing attention to your information security as well.
(The best place to start when learning about ransomware is this book by industry expert Allan Liska.)