Cyber Security

Russian Ransomware Group REvil Back Online After 2-Month Hiatus

The operators behind the REvil ransomware-as-a-service (RaaS) staged a surprise return after a two-month hiatus following the widely publicized attack on technology services provider Kaseya on July 4.

Two of the dark web portals, including the gang’s Happy Blog data leak site and its payment/negotiation site, have resurfaced online, with the most recent victim added on July 8, five days before the sites mysteriously went off the grid on July 13. It’s not immediately clear if REvil is back in the game or if they have launched new attacks.

“Unfortunately, the Happy Blog is back online,” Emsisoft threat researcher Brett Callow tweeted on Tuesday.

The development comes a little over two months after a wide-scale supply chain ransomware attack aimed at Kaseya, which saw the Russia-based cybercrime gang encrypting approximately 60 managed service providers (MSPs) and over 1,500 downstream businesses using a zero-day vulnerability in the Kaseya VSA remote management software.

In late May, REvil also spearheaded the attack on the world’s largest meat producer JBS, forcing the company to shell out $11 million in ransom to the extortionists to recover from the incident.

Following the attacks and increased international scrutiny in the wake of the global ransomware crisis, the group took its dark web infrastructure down, leading to speculations that it may have temporarily ceased operations with the goal of rebranding under a new identity so as to attract less attention.

REvil, also known as Sodinokibi, emerged as the fifth most commonly reported ransomware strains in Q1 2021, accounting for 4.60% of all submissions in the quarter, according to statistics compiled by Emsisoft.

Products You May Like

Articles You May Like

Oppo Find N Fold, Find N Flip in Development; to Feature Snapdragon 8+ Gen 1 SoC: Report
Xiaomi Smart TV 5A Pro 32-Inch With Quad-Core CPU, Dolby Audio Launched in India
Samsung Boss Lee Jae-Yong Receives Presidential Pardon in Bribery, Embezzlement Cases
Best Buy Trims Jobs After It Cuts Sales and Profit Forecast Citing Surging Inflation
Australian Supercomputer Creates Image of Supernova Remnant Using Radio Telescope Data

Leave a Reply

Your email address will not be published.