REvil - Darknet Diaries Recap
Podcast: Darknet Diaries
Published: 2022-10-18
Duration: 1 hr 4 min
Summary
This episode dives into the world of scams, focusing on a group of Brazilian individuals who created fake rideshare accounts using stolen identities. It also explores the evolution of ransomware with a focus on the notorious REvil malware and its origins in the GandCrab group.
What Happened
The episode begins with a wild scam story involving a Brazilian man named Gustavo who, while visiting the U.S., decided to drive for a rideshare company without having a valid U.S. driver's license. Gustavo managed to get approved by using someone else's stolen identity, a method that seems alarmingly easy given how much personal information is available online. Once he was successfully driving for the rideshare company, he even helped his girlfriend and friends do the same, turning their little operation into a team of five. They began selling these fake driver accounts on online forums, taking advantage of a market where many individuals were eager to drive but lacked the necessary licenses or insurance.
However, their fraudulent activities caught the attention of authorities, and eventually, all five were arrested for identity theft and money laundering. They each faced two years in prison for their elaborate scheme that exploited the rideshare and food delivery services during the pandemic. The narrative serves as a stark reminder of the lengths individuals will go to for quick cash and the persistent risks involved in the digital age.
The episode then shifts focus to a discussion with Will, a threat intelligence analyst who explains the origins and operations of the REvil ransomware. REvil emerged from the GandCrab group, which pioneered 'big game hunting' in ransomware attacks, targeting not just individuals but large companies to extort substantial sums of money. Will elaborates that GandCrab was not merely a piece of malware but also the name of the criminal organization behind it, which developed sophisticated methods for encrypting victims' hard drives and demanding ransoms. This segment sheds light on the evolution of ransomware tactics and the motivations behind targeting high-value organizations.
Key Insights
- Gustavo's story illustrates the accessibility of identity theft in the digital age.
- The rise of scams during the pandemic highlights vulnerabilities in gig economy platforms.
- REvil and GandCrab showcase the shift in ransomware tactics towards targeting larger organizations for higher ransoms.
- The episode emphasizes the continuous evolution of cybercrime and the importance of cybersecurity awareness.
Key Questions Answered
How did Gustavo manage to drive for Uber without a valid license?
Gustavo, a Brazilian tourist in the U.S., wanted to drive for a rideshare company but lacked a U.S. driver's license. He decided to use someone else's identity to register, likely taking advantage of the personal information available online. Although the specifics of how he forged the license aren't detailed, it highlights the ease with which individuals can obtain and misuse personal information in today's digital landscape.
What role did Gustavo's friends and girlfriend play in the scam?
Gustavo's girlfriend and three friends were also eager to participate in the scheme. Just as Gustavo had created a fake driver account for himself, he helped each of them set up their own accounts using stolen identities. This collaboration turned their operation into a five-person team, all benefiting from the illegal sales of rideshare driver accounts, which underscores how scams can quickly escalate when involving multiple participants.
What happened to the group after authorities discovered their scheme?
Once authorities caught wind of Gustavo and his friends' fraudulent activities, they launched an investigation that ultimately led to the arrest of all five individuals. The main charges included identity theft and money laundering, and each member of the group received a prison sentence of two years. Their story serves as a cautionary tale about the legal consequences of engaging in cybercrimes.
What is REvil and how did it originate?
REvil is a form of ransomware that emerged from a group known as GandCrab, which began its operations in April 2019. Will, a threat intelligence analyst, explains that GandCrab was significant not just for the malware itself but for pioneering the concept of 'big game hunting' in ransomware attacks. This strategy involved targeting large companies for hefty ransoms instead of focusing on individual victims, thereby increasing the potential financial gain for cybercriminals.
How does big game hunting differ from traditional ransomware attacks?
Big game hunting, as described by Will, represents a shift in ransomware tactics. Instead of targeting numerous individuals for smaller amounts, cybercriminals aim for larger organizations to extort significant sums of money. This approach reflects a strategic change in ransomware operations, focusing on maximizing profits by leveraging the vulnerabilities of big corporations, which can afford to pay higher ransoms compared to the average individual.