What to expect when you’ve been hit with REvil ransomware

By Harish Chib, vice president, Middle East & Africa

REvil, also known as Sodinokibi, is a widely used, conventional ransomware-as-a-service (RaaS) offering that has been around since 2019. Criminal customers can lease the REvil ransomware from its developers, adding their own tools and resources for targeting and implementation. As a result, the approach and impact of an attack involving REvil ransomware are highly variable. This can make it hard for defenders to know what to expect and look out for.

The following information may help IT admins facing or proactively concerned with the impact of a REvil ransomware attack. The findings are based on insights from the Sophos Rapid Response team, which has investigated multiple cyberattacks involving REvil.

What to do immediately: contain and neutralize

The first thing you need to do is determine whether the attack is still underway. If you suspect it is, and you don’t have the tools in place to stop it, determine which devices have been impacted and isolate them immediately. The easiest option is to simply disconnect from all networks. If the damage is more widespread than a few devices, consider doing this at the switch level and taking entire network segments offline instead of individual devices. Only shut down devices if you can’t disconnect the network.

Second, you need to assess the damage. Which endpoints, servers and operating systems were affected, and what has been lost? Are your backups still intact or has the attacker deleted them? If they are intact, make an offline copy immediately. Also, which machines were protected? They’ll be critical in getting you back on your feet.

Third, do you have a comprehensive incident response plan in place? If not, you need to identify who should be involved in dealing with this incident. IT admins and senior management will be required, but you may also need to bring in outside security experts and consult with cyber insurance and legal counsel. Should you report the incident to law enforcement and/or inform data protection authorities? There is also the question of what information you should give to employees, many of whom are likely to find a similar ransom note on their desktop.

Last, but definitely not least: you’ll need to contact these and other key people, such as customers, to let them know what’s happening, but the attackers may be eavesdropping so don’t use your normal channels of communication. If the intruders have been in your network for a while, they’ll probably have access to email, for instance.

What defenders can do

There are some proactive steps you can take to enhance your IT security for the future, including:

  • Monitor your network security 24/7 and be aware of the five early indicators an attacker is present to stop ransomware attacks before they launch
  • Shut down internet-facing remote desktop protocol (RDP) to deny cybercriminals access to networks. If you need access to RDP, put it behind a VPN or zero-trust network access connection and enforce the use of Multi-Factor Authentication (MFA)
  • Educate employees on what to look out for in terms of phishing and malicious spam and introduce robust security policies
  • Keep regular backups of your most important and current data on an offline storage device. The standard recommendation for backups is to follow the 3-2-1 method: 3 copies of the data, using 2 different systems, 1 of which is offline. Also test your ability to perform a restore
  • Prevent attackers from getting access to and disabling your security: choose a solution with a cloud-hosted management console with multi-factor authentication enabled and Role Based Administration to limit access rights
  • Remember, there is no single silver bullet for protection, and a layered, defense-in-depth security model is essential – extend it to all endpoints and servers and ensure they can share security-related data
  • Have an effective incident response plan in place and update it as needed. If you don’t feel confident you have the skills or resources in place to do this, to monitor threats or to respond to emergency incidents, consider turning to external experts for help

Conclusion

Dealing with a cyberattack is a stressful experience. It can be tempting to clear the immediate threat and close the book on the incident, but the truth is that in doing so you are unlikely to have eliminated all traces of the attack. It is important that you take time to identify how the attackers got in, learn from any mistakes and make improvements to your security. If you don’t, you run the risk that the same adversary or another one might attack again in the future.

The Arab Water Council and Partners Convene the Environment & Development Forum 2022; The Road to Sharm El Sheikh Climate Change COP27 under the Patronage of the Government of Egypt Presidency of COP27

To be convened by the Arab Water Council under the patronage of the Government of Egypt Presidency of Climate Change COP27, the Ministry of Foreign Affairs of Egypt, in cooperation with the Ministry of Environment, the Environment and Development Forum 2022 will take place at InterContinental City Stars Cairo, Egypt from September 11 to 13, 2022 gathering national, regional and international partners, in preparation for the upcoming COP27.

The three-day Forum brings together thought leaders across different sectors and industries in this unique Event highlighting environment and development climate change impacts and solutions including adaptation and mitigation measures in several sectors.  Themes to be discussed include clean and renewable energy, sustainable development, ecological conservation, biodiversity protection, CO2 emissions control, food and water security under climate change, as well as sustainable transportation and cities.

Pre-COP discussions will have a significant impact in supporting the preparation for the Climate Change COP27 through the forming of relevant visions and initiatives and improving collaboration amongst decision makers and environment and sustainable development experts.

The Forum will focus on developing recommendations for the Sharm El Sheikh COP27, highlighting innovation and advancement in environment protection and identifying key challenges facing climate change and the best sustainable development strategies to overcome them.

H.E. Professor Mahmoud Abu-Zeid, Arab Water Council President, World Water Council Honorary President and Former Minister of Water Resources & Irrigation of Egypt said: “We are pleased to convene the Environment and Development Forum as a global platform for innovators, experts, government representatives, and international organizations to discuss climate change impacts, and measures to mitigate and adapt to this global challenge.  The event will also host an Expo to demonstrate technologies and innovations in the field”.

H.E. Yasmine Fouad, Minister of Environment, COP27 Envoy and Ministerial Coordinator reiterated, “The lack of sustainable measures has affected the planet’s equilibrium, and we hope this Forum will be a platform for cross border cooperation and collaboration to address climate change challenges. In fact, we see the EDF 2022 as a key milestone for Egypt in preparations for the COP27 of the UNFCCC. The Forum will pave the road with concrete ideas and innovative solutions for the future generations by which they can face climate change impacts, as well as overcome all negative impacts of urbanization, population growth, and thus head towards the achievement of sustainable development”.

The interactive Forum will discuss eight key Main Themes and three Cross-cutting Themes, all addressing climate change challenges on most countries’ agendas. Research & Development, Policies & Strategies, Green Finance, Knowledge Sharing, Skills & Human Capital Development, Creativity and Technology Innovation are tools and solutions which will be discussed. A Youth and Innovation Stage will provide a platform to demonstrate youth initiatives.

There will be more than 50 speakers in the panel discussions and numerous technical workshops covering key challenges and trends. The world-class international exhibition for the latest innovative technologies and equipment will provide a meeting place for stakeholders to watch. The EDF Awards are yet another aspect of the Forum, created to recognize and honour best practices for Waste Reduction, Net Zero initiatives, Innovative Climate Change Adaptation/Mitigation Products, Green Building and Best Water Savings and Reuse.

With the presentation of new technologies in the environment and development, the Forum intends to look for solutions for climate change, environmental governance, waste management, land resources management, clean energy transformation, sustainable growth and sustainable transportation.

Sponsors and exhibitors will be showcasing their products, technology and innovations in the climate change space for over 800 conference delegates who are committed to driving change, reducing their carbon emissions and building more sustainable futures for their business.   More than 30 countries will be attending. The attendees include Ministers and Government Agencies, Global Policy Makers & Regulators, International & Regional Organizations, Chief Executive Officers, Managing Directors, General Managers, Directors for Climate Change Action, Water and Agriculture Experts, Heads of Carbon Capture and Utilization, Chief Technology Officers, Carbon Management Technologists, Scientists and Researchers, Heads of Climate Change, Heads of Clean Energy & Sustainability, Chief Economists, Heads of Finance & Investment and local and international media.

The Forum COP27 will be organised by Great Minds Events Management, a Dubai-based multi-faceted event management company of international repute, having organized numerous successful Forums and exhibitions that highlight critical issues faced by various economic sectors and industries across the MENA region.