They patronize hacking forums to recruit affiliates, advertise profit-sharing schemes and provide interviews on their techniques.
REvil, the Russian-linked hacker group the FBI said is responsible for the cyberattack on JBS SA, the largest meat producer in the world, has emerged as one of the most prolific — and public — ransomware groups in recent years.
The hackers, also known as Sodinokibi, have been at the forefront of the ransomware-as-a-service model of cyberattacks since the group first came to prominence as a security threat in 2019. In this model, hacker groups provide malware for others to use in an attack in exchange for a cut of the ransom payments.
In order to recruit talent, REvil deposited $1 million in Bitcoin as a way to give potential affiliates peace of mind that they would get paid. “Audaciousness is part of their persona,” said Allan Liska, a senior threat analyst at the cybersecurity firm Recorded Future Inc.
Ransomware has become a thorny problem for the Biden administration, particularly after an attack last month on Colonial Pipeline Co. squeezed fuel supplies along the East Coast. Other recent attacks have targeted the police department in Washington, D.C., a hospital network in California and now a major meat supplier.