October 29, 2021 | Frank Smith

REvil Attack: Why Ransomware Recovery is a Must for Small to Medium Scale Businesses 

A local Swedish grocery chain. An IT services company in Germany. A pharmacy chain in South Carolina. These are among the many local small to medium scale businesses that were affected by a massive cyberattack conducted by a group known as REvil, which demanded $70 million in cryptocurrency from the victims in return for the data it held. The whole REvil attack proved that ransomware recovery is essential for every business in today’s world.


2nd of July (The night of the attack):

The notorious Russian-linked gang, well known for extorting $11 million from JBS, led one of the single biggest global ransomware attacks by breaching Kaseya and using its VSA software as a conduit to spread the ransomware to the small and medium scale businesses that used its IT services.

3rd of July (Kaseya confirms ransomware attack):

The hack initiated a domino effect, which ended up affecting more than 1500 businesses around the world. It is the latest incident in a series of pandemic-style attacks that have happened this year, resulting in a notable reaction from the FBI, the US government, and other officials.

5th of July (REvil takes responsibility for the attack):

A ransom note is posted on the “Happy Blog” used by REvil, in which the group takes responsibility for the attack. The group claims that it has infected more than 1 million computer systems around the world and affected at least 200 U.S. companies.

They demand a total of $70 million to be paid in Bitcoin for a global decryption key that can decrypt all the affected systems.  

9th of July (Joe Biden addresses the issue): 

“I made it very clear to [Putin] that the United States expects, when a ransomware operation is coming from their soil even though it’s not sponsored by the state, that we expect them to act if we give them enough information to act on who that is,” Biden said on the Friday afternoon after the attack.

While President Biden instructed everyone involved to direct all available resources to investigate the incident, the FBI officials investigating the attack have made it clear that the scale of the hack makes it impossible for them to address each victim individually.

13th of July (REvil gang disappears from the internet): 

The payment website and blog linked to REvil suddenly become unreachable. While the reason for their disappearance is still unknown, many people speculated that the group may have been targeted by the US or Russian authorities.

The timing of their disappearance is closely linked to a statement that Joe Biden made on the 9th of July, in which he hinted:

“If Russia doesn’t take the necessary steps to control the group, the United States of America could take direct retaliation on the servers used for the hack.”

22nd of July (Kaseya acquires the universal decryption key): 

On the morning of 22nd July, a Kaseya spokesperson confirms that the company has received the universal decryption key for the recent REvil attacks. However, he refused to reveal the source, claiming only that they received it from a trusted third party without paying any ransom.

“We can confirm that Kaseya obtained the tool from a third party and have teams actively helping customers affected by the ransomware to restore their environments, with no reports of any problem or issues associated with the decryptor,” he further said in his statement.

11th of August (Decryption key is leaked online): 

The final incident in this attack happened on 11th of August, when the universal decryption key for the REvil attack was leaked online on forums and other platforms. The key was later used by all victims of the Kaseya attack to recover their files.

REvil May Have Disappeared from the Internet, but the Dangers of the Ransomware Still Linger 

While the REvil ransomware gang may have gone offline after the attack, a successor by the name of BlackMatter has already taken its place. This goes to show that ransomware has become a serious problem that needs to be addressed through enterprise security if we want to end this cycle of attacks.

Ransomware groups run like a business, feeding on small to medium scale companies because they don’t have proper cyber security solutions. The REvil attack is a prominent example, as Kaseya, which is a large-scale business, didn’t suffer as much as the other 1500 small to medium scale businesses linked to it did.

While Kaseya had the means to handle the aftermath of the attack in the form of an IT department and skilled professionals, its affiliates were left stranded and had no option but to close down their stores, resulting in a huge financial loss.

It is still not clear whether REvil has quit for good or not, but it has been made clear that there is a whole market for ransomware-as-a-service (RaaS). REvil associates who hired its services are switching to other cyber criminals like LockBit and BlackMatter. To deal with these attacks, enterprise security and cyber security solutions are a must, as they give businesses a front-line defense against hackers.

So, REvil was merely one outlet for ransomware, and its disappearance means nothing, as there are plenty of other cybercriminals out there smelling blood. And as small to medium scale businesses are always hit the hardest, they need to ensure that they don’t have any vulnerabilities in their network. The best way to do this is to have a ransomware recovery plan and hire professional services for protection.

Overall Cost of Dealing with a Cyber Attack and Ransomware Recovery

  • Downtime: It is understandable why some companies prefer to pay the ransom instead of trying to fix the situation. On average, ransomware causes a downtime of nearly 9.6 days, resulting in a loss of $141,000 due to lost business productivity. A lot of SMBs are not able to cope with this kind of loss and either go out of business or have to readjust their whole business structure.

  • Productivity: If your business completely depends on the internet, the drop in staff productivity is going to cost you a lot of money. Not only will your IT department be completely focused on recovering from the attack and restoring the system, but your employees won’t be able to complete their tasks, resulting in a major impact on your deliverables.

  • Ransomware Recovery: Small to medium scale businesses don’t have the budget or the needed skills and manpower to deal with a ransomware attack. In order to restore your system, you will have to pay for enterprise security solutions, which is going to require a lot of money. The overall cost of remediation, which includes data loss and operational inefficiency, nearly doubled from an average of $761,106 in 2020 to $1.85 million in 2021.

  • Legal Fees: The woes of ransomware do not end with businesses having to deal with operational losses; there are also a lot of legal repercussions that come with it. If your company is found negligent and you don’t have proper cybersecurity protocols in place, you could be looking at a hefty fine under HIPAA and GDPR that could cripple your business.

  • Reputation: Last but not least, it is not a surprise that if you are a victim of a ransomware attack and it is publicized, you would be looking at irreparable damage to your reputation. Almost 70% of customers say that they would never trust an organization that experienced a data loss and would stop doing business with it altogether.

Crunching the Numbers:

When you combine all the direct and indirect costs of dealing with ransomware, the overall number adds up to an average of about $1.5-2 million. If a small to mid-sized business has to deal with this kind of loss, it will never be able to get back on its feet and will eventually go out of business. So, a question that needs to be answered is: what is the best course of action SMBs can take in the face of an attack?

How Can a Ransomware Recovery and Protection Service Help You?

Ransomware attacks have been on a steady rise as hackers are capitalizing on every opportunity they get. If you are running a business, it falls upon you to make sure that you are doing everything that you can to fend off all the attacks thrown your way. From tech to healthcare, there is no industry in the world that can claim to be safe from ransomware attacks.

Best Ransomware Recovery has been in the trenches for years, acting as a shield for SMBs so that a ransomware attack is the least of their worries. We offer the most advanced technology and ransomware recovery services, which ensure that you don’t have to face the same fate as the 1500 REvil attack victims.