REvil Have Returned - Or Have They?

Uploaded on 2022-06-22 in TECHNOLOGY--Hackers, GOVERNMENT-Law Enforcement, FREE TO VIEW

Criminals claiming to be the extinct ransomware group are targeting one of Akamai’s customers with a DDoS attack, demanding an extortion payment in Bitcoin, according to researchers at Akamai

The Russian hacker group REvil (Ransomware Evil), known for conducting attacks on organisations around the world and demanding million-dollar ransoms in exchange for a decryption key, vanished from the Internet in July 2021 after several international law enforcement operations. But now, they could be back.

Researchers at cloud networking provider Akamai.have been monitoring a distributed denial of service (DDoS) campaign against one of their customers where the attackers claim to be associated with the infamous ransomware-as-a-service (RaaS) group, REvil.

Although the new REvil  gang is claiming responsibility for the attack, Akamai thinks it possible the attack is a copycat operation. 

Although the attackers may claim to be REvil, it is unclear whether the defunct ransomware gang is actually responsible. The attack is a much smaller sale than those observed in previous REvil campaigns.In addition, the attack appears to have a political motivation, which at inconsistent with REvil’s previous tactics. During REvil’s active period, the group claimed it was motivated by financial gain alone.

It could be that REvil is simply trying out a a new business model of DDoS extortion, although Akanai say it is more likely that the attackers are merely using the name of a notorious cybercriminal group to intimidate their victim  organisation into paying up.

When a threat group changes its techniques, it could be a pivot into a new business model, a result of a dramatic change in its skill set, a schism among the group, or an unaffiliated copycat trying to leverage that group’s hype into easy money from short-sighted and emotionally reactive victims.

When REvil disappeared in July 2021 it followed a major cyber assault in which it encrypted 60 managed service providers and more than 1,500 companies by exploiting a zero-day vulnerability in the Kaseya VSA remote management platform.

REvil is probably the most prolific and dangerous cyber-crime gang ever and they've operated with complete confidence and arrogance. Not only were their attacks indiscriminate, they operated a website they called their "Happy Blog" where they would name and shame victims who didn't pay their ransoms. As with many of the criminal gangs thought to be operating in Russia immune from prosecution, this is unlikely to be the end of the story.

Akamai:     Oodaloop:     Threatpost:    InfosecToday:      OCCRP:   BBC

You Might Also Read: 

Ransomware Gang REvil Is Cancelled:

 

« Zoom Can Expose You To Cyber Attacks
Email Security Threat Report »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Brinqa

Brinqa

Brinqa is a leading provider of unified risk management and security analytics.to manage IT governance and technology risk.

Crest International

Crest International

Crest is focused on professionalizing the technical cyber security market whilst driving quality and standards of organizations that operate within it.

Lacework

Lacework

Lacework brings speed, scale, and automation to cloud security and allows security and DevOps teams to collaborate on keeping data and applications safe.

Netwrix

Netwrix

Netwrix empowers information security and governance professionals to identify and protect sensitive data to reduce the risk of a breach.

Nexus Group

Nexus Group

Nexus Group develops identity solutions for physical and digital access.

Salt Communications

Salt Communications

Salt communications is a global leader in secure communications. Our bespoke platform is the secure communications solution that uniquely gives complete control to our customers.

CyberGuarded

CyberGuarded

CyberGuarded are an accredited vendor independent information security testing and auditing company.

AppTec

AppTec

AppTec is a leading software vendor in the field of Unified Endpoint Management and Mobile Security.

Safe Security

Safe Security

Safe Security (formerly Lucideus) provides Cyber risk assessment services and platforms to multiple Fortune 500 companies and governments across the globe.

Corsa Security

Corsa Security

Corsa Security is leading the transformation of network security with a private cloud approach that helps scale network security services with unwavering performance and flexibility.

Lumu Technologies

Lumu Technologies

Lumu is a cybersecurity company that illuminates threats and attacks affecting enterprises worldwide.

Texas A&M Cybersecurity Center

Texas A&M Cybersecurity Center

Texas A&M Cybersecurity Center is dedicated to combating adversaries who desire to harm our citizens, our government, and our industry through cyber-attacks.

Hackuity

Hackuity

Hackuity is a breakthrough technology solution that rethinks the way of managing IT vulnerabilities in enterprises.

Ascent Solutions

Ascent Solutions

Ascent is built to help firms evolve their cybersecurity posture, modernize their Microsoft solutions, and accelerate their journey to the cloud.

Software Improvement Group (SIG)

Software Improvement Group (SIG)

Software Improvement Group helps business and technology leaders drive their organizational objectives by fundamentally improving the health and security of their software applications.

GoodAccess

GoodAccess

GoodAccess is the cybersecurity platform that gives your business the security benefits of zero trust without the complexities so your users can securely access digital resources anytime, anywhere.