REvil Have Returned - Or Have They?

Criminals claiming to be the extinct ransomware group are targeting one of Akamai’s customers with a DDoS attack, demanding an extortion payment in Bitcoin, according to researchers at Akamai.

The Russian hacker group REvil (Ransomware Evil), known for conducting attacks on organisations around the world and demanding million-dollar ransoms in exchange for a decryption key, vanished from the Internet in July 2021 after several international law enforcement operations. But now, they could be back.

Researchers at cloud networking provider Akamai have been monitoring a distributed denial of service (DDoS) campaign against one of their customers where the attackers claim to be associated with the infamous ransomware-as-a-service (RaaS) group, REvil.

Although the new REvil gang is claiming responsibility for the attack, Akamai thinks it is possible that the attack is a copycat operation.

Although the attackers may claim to be REvil, it is unclear whether the defunct ransomware gang is actually responsible. The attack is on a much smaller scale than those observed in previous REvil campaigns. In addition, the attack appears to have a political motivation, which is inconsistent with REvil’s previous tactics. During REvil’s active period, the group claimed it was motivated by financial gain alone.

It could be that REvil is simply trying out a new business model of DDoS extortion, although Akamai say it is more likely that the attackers are merely using the name of a notorious cybercriminal group to intimidate their victim organisation into paying up.

When a threat group changes its techniques, it could be a pivot into a new business model, a result of a dramatic change in its skill set, a schism among the group, or an unaffiliated copycat trying to leverage that group’s hype into easy money from short-sighted and emotionally reactive victims.

When REvil disappeared in July 2021 it followed a major cyber assault in which it encrypted 60 managed service providers and more than 1,500 companies by exploiting a zero-day vulnerability in the Kaseya VSA remote management platform.

REvil is probably the most prolific and dangerous cyber-crime gang ever and they've operated with complete confidence and arrogance. Not only were their attacks indiscriminate, they operated a website they called their "Happy Blog" where they would name and shame victims who didn't pay their ransoms. As with many of the criminal gangs thought to be operating in Russia immune from prosecution, this is unlikely to be the end of the story.

Akamai, Oodaloop, Threatpost, InfosecToday, OCCRP, BBC
