He added, “In APAC, we noticed an interesting re-emergence of two highly-active groups, REvil and JSWorm. Both resurfaced as the pandemic raged in the region last year and we see no signs of them stopping anytime soon.”
REvil, in particular, has achieved quite a bit of infamy in the last few months. The hacker group reportedly claimed to have breached Acer and demanded US$50 million (~RM205.6 million) from the company, the largest known ransom ever. Separately, it was reported that REvil ransomware can apparently change Windows passwords and then automate a system’s file encryption via Safe Mode.
Kaspersky noted that, back in 2019, REvil hackers mostly targeted victims in the Asia Pacific – particularly in Taiwan, Hong Kong, and South Korea. Last year, however, the cybersecurity firm detected the group’s presence in almost all countries and territories.
According to Kaspersky, the biggest chunk of REvil’s industrial targets falls under the Engineering and Manufacturing category (30%), followed by Finance (14%) and Professional and Consumer Services (9%).