You’ve probably heard about what happened to Kaseya. Just as a refresher, the IT solutions provider announced that it was “experiencing a potential attack” against one of its solutions on July 2 and ordered customers to shut down their product servers while they waited to hear more. A day later, Kaseya urged customers who encountered ransomware to avoid clicking on any links.
Huntress examined the forensic patterns, ransom notes, and the Tor URL used in those ransomware instances. In the process, it determined that an affiliate for the REvil ransomware group was most likely behind the attack. The REvil affiliate extorted victims individually at first, but it eventually demanded $50 million in exchange for a universal decryptor, per Bleeping Computer.
To better understand the Kaseya supply chain attack, we can look back to some of REvil’s recent history. The ransomware strain first arose in April 2019 after GandCrab, another Ransomware-as-a-Service (RaaS) operation, shut down. Security researchers initially identified REvil as a strain of GandCrab. Years later, an alleged member of the REvil group known as “Unknown” confirmed that they had built their strain on top of GandCrab’s codebase.
Like GandCrab, REvil functions as a RaaS where its developers supply payloads to affiliates for staging their own attack campaigns. Affiliates get to keep upwards of 70% for running those attacks, stealing data, and deploying the ransomware, noted Bleeping Computer in October 2020. The developers keep the remaining 30%, an arrangement through which they made more than $100 million in a single year.
REvil’s profitability hinges on the fact that its affiliates mainly go after corporate networks, not individual users. The logic here is that the attackers can cause a bigger disruption and encrypt more computers that way. By extension, they can demand higher ransoms.
Just look at some of REvil’s targets from this year alone. Provided below are a few highlights:
As the attacks discussed above illustrate, the REvil gang has a penchant for maximizing payouts from victims. That would explain why REvil attackers sometimes try to extort victims for the same stolen data even after they’ve received a payment, noted ZDNet.
Sometimes, but not always. Take the Kaseya attack. As Bleeping Computer wrote at the time, the REvil affiliate didn’t rely on their usual method of deleting backups, didn’t gain extensive network access, and didn’t steal data from the organizations affected by the attack. Many victims of the attack therefore elected not to pay.
Less than two weeks after the Kaseya attack, Bloomberg reported that all of REvil’s infrastructure went offline. As of this writing, it’s unclear whether the group decided to go dark or whether law enforcement succeeded in taking down their operation. It’s also unclear whether the attackers will resume their attacks and/or rebrand as another operation at some point.
One thing is clear, though: REvil is just one of countless ransomware operations that would seek to prey upon organizations, disrupt their business functions, and steal their data. There’s plenty for organizations to defend themselves against—even in REvil’s absence. They just need to figure out how to keep themselves safe in the first place.
All of us at ReliaQuest wanted to take the guesswork out of ransomware protection, so we designed the GreyMatter platform to be an all-in-one tool that provides organizations with the visibility, detection, threat intelligence, and response capabilities they need to defend themselves against digital threats such as ransomware. GreyMatter works by delivering Open XDR-as-a-Service, giving security teams the visibility to identify, detect, and respond to incidents more quickly. It also comes with valuable reporting tools that they can use to analyze an incident and improve their security posture going forward.
If you are attending Black Hat this year, Marcus Carey and I will be presenting “How to Operate a Successful Ransomware Campaign,” Thursday, August 5, from 11:30am–12:20pm (Business Hall Theater C) where we will discuss how ransomware gangs operate as a business. If you want to learn how to investigate a ransomware incident in ReliaQuest’s GreyMatter platform, from first alert to identifying root cause and business impact, come see us at booth #1747.