Unfortunately, there is no one-size-fits-all solution to preventing ransomware.
Sophos has focussed on the notorious REvil ransomware group, which conducts human-orchestrated attacks with ransom demands.
In a recent blog post, Sophos describes how it and a targeted company’s IT team engaged in live warfare with the attackers. REvil ransomware criminals targeted a midsize media organisation in the hopes of extorting a multimillion-dollar ransom.
The REvil ransomware group’s attack eventually failed, but not before encrypting data on unprotected devices, deleting online backups, and decimating one undefended domain. The company hasn’t entirely recovered yet.
REvil, also known as Sodinokibi, is a popular ransomware-as-a-service (RaaS) solution that has been available since 2019. The developers of the REvil malware are willing to rent it to criminals, who can also add their own targeting and implementation tools and resources.
As a result, according to Sophos, the strategy and impact of the REvil ransomware attack are highly variable. It might be difficult for defenders to know what to expect and what to watch out for.