REvil’s Faux Pas Thwarts Massive Ransomware Attack

Months ago, the IT organization Kaseya suffered a massive ransomware attack from the notorious REvil gang.

Although the company wasted no time cauterizing the wound, it was a mystery how one of the largest cyberattacks was fended off.

The perpetrators released a statement where they detail how they shot themselves in the foot with a misjudged click.

“Our encryption process allows us to generate either a universal decryptor key or individual keys for each machine,” REvil stated on an illicit Russian-language forum called Exploit. “One of our coders misclicked and generated a universal key and issued the universal decryptor key along with a bunch of keys for one machine. That’s how we sh*t ourselves,” said the gang on Friday morning.

REvil stated that they had to create 20 to 500 decryption keys for every customer. Almost 1,500 Kaseya customers were compromised in the attack. Adding to the woes of REvil was that each customer had a different network size.


In this melee, the universal decryption key was packaged along with the individual decryption keys. The affected customers who coughed up the ransom discovered this faux pas and alerted Kaseya, along with law enforcement departments.

REvil initially tried to save face by claiming that law enforcement had leaked the universal key; it now says the key was doled out due to human error during the key generation process. Kaseya chose not to comment on REvil’s latest statement.

The Aftermath of the Kaseya Attack

Although REvil’s error cost them millions, the gang still managed to bag plenty of ransom. On Friday, REvil elaborated on the ransom payments in two separate posts.

The gang claimed to have bagged payments worth ‘over 10kk’, which is another way of saying that the collected ransom is worth more than USD 10 million.


However, it is unclear from whom or where this ransom was extracted. Flashpoint, which translated REvil’s Russian posts into English, didn’t comment further on this matter.

“The payments totaled over 10kk, and everyone knows about them,” REvil wrote on Exploit at 9:40 a.m. ET Friday. “No one was scammed. We are in contact with our affiliates; we aren’t hiding anything.”

Murky Waters

REvil also appears to have landed itself in trouble with its own peers: one threat actor recently initiated an arbitration case against REvil, claiming that the REvil spokesman owed them money.

When REvil reappeared after the hiatus that began in July, the threat actor demanded the money owed now that the gang was back in action. On Wednesday, the latter stated that the dispute had been resolved and the arbitration case was closed.

Due to the attack’s magnitude, ransomware attacks had recently become a point of discussion at the Biden-Putin meeting. After the meeting, rumors sprang up that Russian intelligence had secured the decryption key for the U.S.A.


The rumors were fueled by the American administration’s decision to lift sanctions on the Russian-European Nord Stream 2 oil pipeline. Two days after the rumors surfaced, REvil posted its account of the faux pas on Exploit.

Flashpoint disputed the rumors, stating that there is no evidence linking REvil’s hiatus to the Biden-Putin summit. Additionally, Flashpoint pointed out that the removal of sanctions on the Nord Stream 2 pipeline was on the agenda of the Presidents’ meeting.

However, one can’t miss the irony of how REvil’s efforts came undone by a few negligent clicks. Despite their intentions, REvil has once again proven that to err is human. But no business can afford to leave its security to chance and human error.

It is in every business’s best interest to secure the company with the services of Stealthlabs. We offer robust security solutions that fortify your organization against malicious cyberattacks.

Reach out to us and embrace better security services.