REvil Have Returned - Or Have They?

Uploaded on 2022-06-22 in TECHNOLOGY--Hackers, GOVERNMENT-Law Enforcement, FREE TO VIEW

Criminals claiming to be the extinct ransomware group are targeting one of Akamai’s customers with a DDoS attack, demanding an extortion payment in Bitcoin, according to researchers at Akamai

The Russian hacker group REvil (Ransomware Evil), known for conducting attacks on organisations around the world and demanding million-dollar ransoms in exchange for a decryption key, vanished from the Internet in July 2021 after several international law enforcement operations. But now, they could be back.

Researchers at cloud networking provider Akamai.have been monitoring a distributed denial of service (DDoS) campaign against one of their customers where the attackers claim to be associated with the infamous ransomware-as-a-service (RaaS) group, REvil.

Although the new REvil  gang is claiming responsibility for the attack, Akamai thinks it possible the attack is a copycat operation. 

Although the attackers may claim to be REvil, it is unclear whether the defunct ransomware gang is actually responsible. The attack is a much smaller sale than those observed in previous REvil campaigns.In addition, the attack appears to have a political motivation, which at inconsistent with REvil’s previous tactics. During REvil’s active period, the group claimed it was motivated by financial gain alone.

It could be that REvil is simply trying out a a new business model of DDoS extortion, although Akanai say it is more likely that the attackers are merely using the name of a notorious cybercriminal group to intimidate their victim  organisation into paying up.

When a threat group changes its techniques, it could be a pivot into a new business model, a result of a dramatic change in its skill set, a schism among the group, or an unaffiliated copycat trying to leverage that group’s hype into easy money from short-sighted and emotionally reactive victims.

When REvil disappeared in July 2021 it followed a major cyber assault in which it encrypted 60 managed service providers and more than 1,500 companies by exploiting a zero-day vulnerability in the Kaseya VSA remote management platform.

REvil is probably the most prolific and dangerous cyber-crime gang ever and they've operated with complete confidence and arrogance. Not only were their attacks indiscriminate, they operated a website they called their "Happy Blog" where they would name and shame victims who didn't pay their ransoms. As with many of the criminal gangs thought to be operating in Russia immune from prosecution, this is unlikely to be the end of the story.

Akamai:     Oodaloop:     Threatpost:    InfosecToday:      OCCRP:   BBC

You Might Also Read: 

Ransomware Gang REvil Is Cancelled:

 

« Zoom Can Expose You To Cyber Attacks
Email Security Threat Report »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Rubicon Workflow Solutions

Rubicon Workflow Solutions

Rubicon is a leading provider of managed IT support and strategic services, specialising in creative and mixed platform environments.

Cyber Triage

Cyber Triage

Cyber Triage is an automated incident response software any company can use to investigate their network alerts.

Advens

Advens

Advens is a company specializing in information security management. We provide Consultancy, Security Audits and Technology Solutions.

ShiftLeft

ShiftLeft

ShiftLeft is a continuous application security platform, purpose-built for the modern software development life cycle.

UMBRA

UMBRA

UMBRA is solely concerned with protecting governments against Nation State attacks. We are not a consumer or enterprise company.

Netography

Netography

Netography provides a scalable and reliable platform for detection & remediation of cyber threats found on your network.

UnderDefense

UnderDefense

UnderDefense provides cyber resiliency consulting and technology-enabled services to anticipate, manage and defend against cyber threats.

RedLegg

RedLegg

RedLegg is a master provider of information security services, a boutique, nimble, old-fashioned customer service company that enjoys the technology battlefield.

Cyber7

Cyber7

CYBER7 is a National Cyber Security Innovation community initiated by Israel National Cyber Directorate, Ministry of Economy and Israel Innovation Authority led by Tech7 – Venture Studio.

Coviant Software

Coviant Software

Coviant Software delivers secure managed file transfer (MFT) software that integrates smoothly and easily with business processes.

CyberconIQ

CyberconIQ

CyberconIQ provide an integrated Human Defense Platform that reduces the probability and/or the cost of a cybersecurity breach by measurably improving our clients risk posture and compliance culture.

Zitec

Zitec

One of Europe's largest and most prominent full-cycle software development services companies, Zitec is the digital transformation partner to companies in the EU, UK, USA, Canada and ME.

TriVigil

TriVigil

TriVigil offer a full-service, comprehensive cybersecurity approach specifically tailored to meet the unique needs of educational institutions.

Black Belt Secure

Black Belt Secure

We provide critical cybersecurity services such as managed security, ransomware mitigation, penetration testing, system auditing and compliance services to your organization.

AFINE

AFINE

AFINE is a trusted advisor in the field of cybersecurity and pentesting.

Five Tattva (5Tattva)

Five Tattva (5Tattva)

At 5TATTVA, we stand at the forefront of cybersecurity, dedicated to providing comprehensive solutions that fortify your digital defences.