Russian Ransomware Group REvil Back Online After 2-Month Hiatus

Cyber Security

Products You May Like

The operators behind the REvil ransomware-as-a-service (RaaS) staged a surprise return after a two-month hiatus following the widely publicized attack on technology services provider Kaseya on July 4.

Two of the dark web portals, including the gang’s Happy Blog data leak site and its payment/negotiation site, have resurfaced online, with the most recent victim added on July 8, five days before the sites mysteriously went off the grid on July 13. It’s not immediately clear if REvil is back in the game or if they have launched new attacks.

“Unfortunately, the Happy Blog is back online,” Emsisoft threat researcher Brett Callow tweeted on Tuesday.

The development comes a little over two months after a wide-scale supply chain ransomware attack aimed at Kaseya, which saw the Russia-based cybercrime gang encrypting approximately 60 managed service providers (MSPs) and over 1,500 downstream businesses using a zero-day vulnerability in the Kaseya VSA remote management software.

In late May, REvil also spearheaded the attack on the world’s largest meat producer JBS, forcing the company to shell out $11 million in ransom to the extortionists to recover from the incident.

Following the attacks and increased international scrutiny in the wake of the global ransomware crisis, the group took its dark web infrastructure down, leading to speculations that it may have temporarily ceased operations with the goal of rebranding under a new identity so as to attract less attention.

REvil, also known as Sodinokibi, emerged as the fifth most commonly reported ransomware strains in Q1 2021, accounting for 4.60% of all submissions in the quarter, according to statistics compiled by Emsisoft.

Products You May Like

Articles You May Like

Cyber Attacks Against Middle East Governments Hide Malware in Windows logo
Celsius has a Hail Mary bankruptcy plan: Turn its debt into a new cryptocurrency
Brazilian Prilex Hackers Resurfaced With Sophisticated Point-of-Sale Malware
Vivo Y73t With 6,000mAh Battery, Dimensity 700 SoC Launched: Price, Specifications
Meta Disrupts Chinese Propaganda Operation Across Facebook, Instagram Ahead of US Midterm Elections

Leave a Reply

Your email address will not be published.