REvil, a Russian hacker group, caused an uproar when it revealed that it had hacked into a popular casino equipment supplier. The group has sent a ransom demand to Gaming Partners International (GPI) and is threatening to release sensitive data if the ransom is not paid before the three-day deadline.
GPI made the announcement public over the weekend, revealing that its servers had been compromised. GPI's servers hold over 540 gigabytes of highly sensitive data, including important contracts, financial documents and the company's technical documentation.
This attack is not REvil's first rodeo; their most recent attack was against Grubman, Shire, Meiselas & Sacks. The law firm also received a ransom demand and refused to pay. This prompted the hacker group to auction off all the company's data.
The statement released by the hackers claimed that they had gotten hold of GPI's Mexico and Macao servers, and they were demanding payment in exchange for decryption and their silence. They vowed to release all the information to the public, an action that could cause a lot of trouble for clients associated with Gaming Partners International. There was no specific financial demand in the public statement, and attempts by the media to get more clarification on the issue from GPI have yielded nothing so far.
REvil has been staging similar attacks for quite some time now. At one point, they claimed to have damaging information on President Donald J. Trump, which never amounted to anything. The group usually launches a typical ransomware attack: it breaks into servers and steals confidential information. A ransom threat follows, and if their demands are not met, they keep their word and release all of the confidential information to the public domain.
Brett Callow, a threat analyst from Emsisoft, said that most companies that find themselves in this situation do not have many options. They usually have to decide between refusing to pay and accepting the fact that confidential information will be made public, or paying the ransom and banking on the word of a hacker, without any assurance that copies of the data have been destroyed.
Callow added that the probability of the hackers holding on to the information for future extortion schemes is very high.
The hacker group recently shared in an interview with a Russian tech blog that its preferred method of attack is through the Remote Desktop Protocol (RDP), which gives them remote access to a computer over the internet. Cybersecurity experts are advising companies to disable RDP on their computers and to update their software as frequently as possible.