Russian Ransomware Group REvil Back Online After 2-Month Hiatus

News

The operators behind the REvil ransomware-as-a-service (RaaS) staged a surprise return after a two-month hiatus following the widely publicized attack on technology services provider Kaseya on July 4.

Two of the dark web portals, including the gang’s Happy Blog data leak site and its payment/negotiation site, have resurfaced online, with the most recent victim added on July 8, five days before the sites mysteriously went off the grid on July 13. It’s not immediately clear if REvil is back in the game or if they have launched new attacks.

“Unfortunately, the Happy Blog is back online,” Emsisoft threat researcher Brett Callow tweeted on Tuesday.

The development comes a little over two months after a wide-scale supply chain ransomware attack aimed at Kaseya, which saw the Russia-based cybercrime gang encrypting approximately 60 managed service providers (MSPs) and over 1,500 downstream businesses using a zero-day vulnerability in the Kaseya VSA remote management software.

In late May, REvil also spearheaded the attack on the world’s largest meat producer JBS, forcing the company to shell out $11 million in ransom to the extortionists to recover from the incident.

Following the attacks and increased international scrutiny in the wake of the global ransomware crisis, the group took its dark web infrastructure down, leading to speculations that it may have temporarily ceased operations with the goal of rebranding under a new identity so as to attract less attention.

REvil, also known as Sodinokibi, emerged as the fifth most commonly reported ransomware strains in Q1 2021, accounting for 4.60% of all submissions in the quarter, according to statistics compiled by Emsisoft.

Articles You May Like

Detecting Credential Stealing Attacks Through Active In-Network Defense
Executive Spotlight: Q&A with Lead Scientist & Sr. Principal Engineer, Christiaan Beek
Swedish EV-maker Polestar reportedly preparing to go SPAC at $21B valuation
European Telecom Company Expands Its Footprint to Better Protect Users and Customers
LG is acquiring automotive cybersecurity startup Cybellum in a $240M deal

Leave a Reply

Your email address will not be published. Required fields are marked *