REvil is targeting the industrial supply chain – new victims published on the Dark Web
The multinational conglomerate Honeywell International Inc. has reportedly suffered a disastrous blow as the ransomware gang REvil has published tax and business documents allegedly belonging to Honeywell on the Dark Web. This may be just the beginning of a larger breach that is part of REvil's “hack & leak” game.
REvil (also known as “Sodinokibi”) was responsible for publishing documents related to the singer Lady Gaga back in May 2020, Spanish rail infrastructure manager ADIF, world-leading French electronics manufacturing services (EMS) company Asteelflash, multiple IT providers, media companies, and law firms. It has reportedly been at it again, publishing sensitive data belonging to Honeywell Inc., Tata Steel, and tech giant Acer.
At this time, the leak seems limited to tax and business documents and nothing more; however, more information will emerge in the coming days.
Honeywell, with more than $32 billion in revenue (in 2020), announced the malware attack on its networks on the 23rd of March on its official website. The circumstances of the attack remain unclear and haven’t been disclosed.
[ALERT] REvil gang claimed to have hacked Honeywell International and leaked some data on DarkWeb. pic.twitter.com/XszvAZOtRr
— DarkTracer : DarkWeb Criminal Intelligence (@darktracer_int) April 10, 2021
Based on darknet rumours, it seems REvil might be behind this attack. The ransomware group took responsibility for the attack and announced it on its “Happy Blog”, a Tor site where it publishes leaked data collected from victims.
Ransom is now up to $70 million.
Why this is bad for the industrial sector
As everyone around the world depends more and more on technology, the ability to shut down or destroy infrastructure, take control of machines and vehicles, and directly cause the loss of life has become a reality. The Fourth Industrial Revolution is speeding up the integration of smart devices into all sectors of the economy, which makes the vendors and supply chains involved in it especially attractive targets for cybercriminals and nation-state actors.
To succeed in digital transformation, any business needs to treat cybersecurity as a vital component of every process and decision involved in that transformation.
Data breaches in industrial manufacturing rank among the highest compared with any other industry. A single breach averages $5.2 million in the industrial sector, according to the 2019 Cost of a Data Breach Report by the Ponemon Institute.
So, as you can imagine, this is not looking good for Honeywell Inc.
On the 23rd of March, Honeywell announced that it had been the victim of another cyber attack, with REvil allegedly behind it; however, Honeywell responded with “we recently detected a malware intrusion that disrupted a limited number of our information technology systems.”
By the end of March, REvil had mentioned Honeywell Inc. in a forum on the Dark Web, stating that the group would leak Acer and Honeywell data as both giants had not cooperated with ransom demands. REvil also stated that it was not just looking at stealing data and locking out victims, but also planned massive DDoS attacks.
According to Resecurity, an American cybersecurity company, the scope of the breach is not yet clear, if not speculative; however, it is obvious that it has connections with REvil. Resecurity went on to say that both intrusions could have happened as a result of leaked or compromised credentials for employee Citrix VPN or RDP access, which is a typical vector in REvil operations, and that it is highly likely that such access had previously been sold on the Dark Web by one of the hackers to the group.
“So-called ‘initial access brokers’ are a big concern and a growing trend on the Dark Web, as they technically supply well-established ransomware gangs with access to various companies worldwide, making their work much easier,” said Saraj Pant, a cyber threat intelligence analyst with Resecurity.
Researchers have said they have seen REvil expanding its extortion tactics, techniques and procedures (TTPs) to find out how to contact victims’ business associates and the media, in order to put the maximum amount of pressure on victims to make them pay. REvil has also recently announced capabilities to perform massive DDoS attacks and to notify victims’ partners to put even more pressure on them.
At this time, no spokesman from Honeywell has come forward regarding the cyber attack claims or who they feel was responsible.
This is an ongoing story and will be updated regularly.