Delicate Raw Hammer: an autopsy of REvil attacks against the Singapore financial institution
11:25 – 11:55(SGT) Thursday 3 December, 2020
The world has seen several surges of successful high-profile ransomware attacks since early 2020. In common beliefs, ransom attacks are straightforward hacking activities. However, there are more beyond the simple step of data encryption. This research presents the audience a close-up look into a ransom attack against a Singapore financial institute caused by PulseVPN vulnerability. It examines REvil’s delicate operation models under its raw hammer style power exhibition. It further surveys the underground eco-system which supports REvil’s success.
Firstly, the presentation will show all stages of hacker activity – from gaining access to lateral movement and encryption, methods of investigating these stages and hacker tools. It will also talk about the mistakes and happy accidents that made it possible to recover data and return the organization to regular remote work.
Secondly, the presentation will take a heuristic view of REvil threat actor group, its development, its relationship with other underground threat actor groups, and peek into its internal mechanism. The presentation will finish with exploration of ransom attack business models which drive the behavior of REvil like threat actor groups who prefer announcing its victims publicly.
Vitalii Trifonov
Group-IB
Vitalii – reverse engineer with more than nine years of experience in the field of malware research. His main interests are proactive protection technologies, incident response, threat hunting, threat intelligence, malware analysis. Having started his work as a malware analyst in 2011, he trained many malware analysts and incident responders and led a team of reverse engineers. Extensive knowledge of the tactics, techniques and behaviors of the APT groups, obtained both during the investigation of viruses and during the response to incidents, allows him to engage in threat hunting, incident response providing best services to the largest banks of Russia, Europe and Asia.
Feixiang He
Group-IB
Feixiang focuses on threat intelligence and malware research. He has extensive experience in mobile platform malware research and hacking campaign hunting in the wild. His recent published research papers include PerSwaysion, Agent Smith and Operation Sheep. Prior to his cyber security research life, Feixiang was a software developer in the investment banking sector. He has been working with various government agencies, domestic/super-national law enforcement organizations, and research institutes. He is passionate about collaborations across institutions and borders. He loves football
and cycling.
Sponsors and Supporting Organizations
Diamond Sponsors
Platinum Sponsor
Networking Lounge Sponsor
Supporting Organization
Associate Sponsors
