June 1, 2020

REvil Hacker Group Strikes Again: ‘Vierra Magen Marcus’ and ‘Elexon’ Data Leak

REvil ransomware hacker group latest hacking news: ‘Vierra Magen Marcus’, ‘Elexon’ and ‘Sri Lanka Telecom’ become the next targets of ransomware data breaches.

REvil is a notorious cybercriminal gang, infamous for many ransomware attacks in the recent past. They rose to fame in early May 2020, after the widely reported Grubman Shire hack, but have been active since 2019. Their main gameplay is to hack high-profile corporations and breach their data with ransomware.

In the latest REvil hacking news, two organizations, namely Vierra Magen Marcus and Elexon, have been their most recent data breach targets. Let’s look at both reports in depth.

REvil – Vierra Magen Marcus Data Breach

Vierra Magen Marcus LLP is an intellectual property law firm with clients ranging from Fortune 500 companies to emerging SMEs. As in the case of the Grubman Shire data breach, Vierra Magen is also a legal firm, and has been providing legal counsel since 2001.

Just last week, REvil ransomware operators posted 1.2 TB of highly confidential information from VMM. The data leak consisted of:

  • Non-Disclosure Agreements
  • Company Patents
  • Sensitive Files and Data
  • Multiple Sources
  • And more

Below are a few screenshots from the Vierra Magen Marcus data leak, sorted by client/company names:

REvil – Elexon Data Breach

Elexon is associated with the British electricity wholesale market and administers the BSC (Balancing and Settlement Code). It plays a crucial role in managing the supply-demand chain between generators and suppliers in the UK electricity industry.

According to Cyble, a cybersecurity firm, Elexon’s digital data was breached on May 14, 2020, but was only leaked by the ransomware group a couple of days ago. The leaked Elexon data dump has been analysed and verified as legitimate. It includes high-value information such as:

  • Elexon confidential files
  • Passport Copies
  • Enterprise Renewal Applications
  • Enterprise Analysis Data
  • And more

A few snapshots of the Elexon data leak:

REvil – Sri Lanka Telecom Hacked

In other recent REvil cybercrime news, Sri Lanka Telecom has allegedly been infiltrated by the ransomware gang. SLT, the nation’s largest fixed-line operator, recently suffered a cyberattack.

In an official statement, Sri Lanka Telecom said that their internal servers were compromised by the ransomware, but that they have since brought the situation under control and are dealing with it. Their quick response was to isolate the affected systems and implement corrective measures. Fortunately, none of their machines holding customer information or running customer services were impacted during the cyberattack.

REvil Data Leak – Motive and Impact

As is clear from the incidents above, REvil is notoriously spreading its evil wings over significant IT systems throughout the globe. Judging by their prevailing pattern, REvil’s agenda is quite simple:

  • They target an influential or data-rich firm
  • Inject the ransomware (most likely their weapon of choice, Sodinokibi)
  • This locks, corrupts or exfiltrates the organization’s sensitive information
  • Next, REvil sends ransom notes demanding a huge sum of money
  • If the company fails to pay in time, REvil operators either:
      • Leak the data publicly, or
      • Auction off valuable data to the highest bidder

Staying true to their reputation, REvil recently auctioned off Donald Trump’s sensitive information obtained from the Grubman Shire data breach, and have since placed an ad to sell Madonna’s business data for 1 million dollars in cryptocurrency.

If your business holds high-stakes data, you should seriously consider investing in a state-of-the-art cybersecurity system, avoid careless mistakes, and pay special attention to:

  • Using strong, non-obvious, alphanumeric passwords (for all your staff and systems)
  • Never clicking on unverified links
  • Always checking the URL before entering login or other sensitive credentials
  • Using a firewall and keeping your antivirus up to date