fbpx

Russian Ransomware Group REvil Back Online After 2-Month Hiatus

The operators behind the REvil ransomware-as-a-service (RaaS) staged a surprise return after a two-month hiatus following the widely publicized attack on technology services provider Kaseya on July 4.

Two of the dark web portals, including the gang’s Happy Blog data leak site and its payment/negotiation site, have resurfaced online, with the most recent victim added on July 8, five days before the sites mysteriously went off the grid on July 13. It’s not immediately clear if REvil is back in the game or if they have launched new attacks.

“Unfortunately, the Happy Blog is back online,” Emsisoft threat researcher Brett Callow tweeted on Tuesday.

The development comes a little over two months after a wide-scale supply chain ransomware attack aimed at Kaseya, which saw the Russia-based cybercrime gang encrypting approximately 60 managed service providers (MSPs) and over 1,500 downstream businesses using a zero-day vulnerability in the Kaseya VSA remote management software.

In late May, REvil also spearheaded the attack on the world’s largest meat producer JBS, forcing the company to shell out $11 million in ransom to the extortionists to recover from the incident.

Following the attacks and increased international scrutiny in the wake of the global ransomware crisis, the group took its dark web infrastructure down, leading to speculations that it may have temporarily ceased operations with the goal of rebranding under a new identity so as to attract less attention.

REvil, also known as Sodinokibi, emerged as the fifth most commonly reported ransomware strains in Q1 2021, accounting for 4.60% of all submissions in the quarter, according to statistics compiled by Emsisoft.



Source link

[email protected] (Ravie Lakshmanan)

Get worry-free complete website cleanup and protection

Our software continuously scans for malware using our accurate anti-malware database; your site continues to run stable after cleanup. Malware removal takes a moment, not hours. Compatible with PHP-based websites and popular frameworks like WordPress, Drupal, Joomla, DLE, etc.

Our website antivirus does more than just find and remove infected files on your website or put them in quarantine, It removes malicious code (redirections, trojans, backdoors, shell scripts, and other malicious code) from files like PHP, JS, HTML, images, and system files in seconds with high accuracy.

Share your love