Russian Ransomware Group REvil Back Online After 2-Month Hiatus


The operators behind the REvil ransomware-as-a-service (RaaS) staged a surprise return after a two-month hiatus following the widely publicized attack on technology services provider Kaseya on July 4.

Two of the dark web portals, including the gang’s Happy Blog data leak site and its payment/negotiation site, have resurfaced online, with the most recent victim added on July 8, five days before the sites mysteriously went off the grid on July 13. It isn’t immediately clear whether REvil is back in the game or whether it has launched new attacks.

“Sadly, the Happy Blog is back online,” Emsisoft threat researcher Brett Callow tweeted on Tuesday.

The development comes a little over two months after a wide-scale supply chain ransomware attack aimed at Kaseya, in which the Russia-based cybercrime gang encrypted roughly 60 managed service providers (MSPs) and over 1,500 downstream businesses using a zero-day vulnerability in the Kaseya VSA remote management software.

In late May, REvil also spearheaded the attack on the world’s largest meat producer JBS, forcing the company to pay $11 million in ransom to the extortionists to recover from the incident.

Following the attacks and increased international scrutiny in the wake of the global ransomware crisis, the group took its dark web infrastructure down, leading to speculation that it may have temporarily ceased operations with the aim of rebranding under a new identity so as to attract less attention.

REvil, also known as Sodinokibi, emerged as the fifth most commonly reported ransomware strain in Q1 2021, accounting for 4.60% of all submissions in the quarter, according to statistics compiled by Emsisoft.
