REvil Have Returned - Or Have They?

Criminals claiming to be the extinct ransomware group are targeting one of Akamai’s customers with a DDoS attack, demanding an extortion payment in Bitcoin, according to researchers at Akamai

The Russian hacker group REvil (Ransomware Evil), known for conducting attacks on organisations around the world and demanding million-dollar ransoms in exchange for a decryption key, vanished from the Internet in July 2021 after several international law enforcement operations. But now, they could be back.

Researchers at cloud networking provider Akamai.have been monitoring a distributed denial of service (DDoS) campaign against one of their customers where the attackers claim to be associated with the infamous ransomware-as-a-service (RaaS) group, REvil.

Although the new REvil  gang is claiming responsibility for the attack, Akamai thinks it possible the attack is a copycat operation. 

Although the attackers may claim to be REvil, it is unclear whether the defunct ransomware gang is actually responsible. The attack is a much smaller sale than those observed in previous REvil campaigns.In addition, the attack appears to have a political motivation, which at inconsistent with REvil’s previous tactics. During REvil’s active period, the group claimed it was motivated by financial gain alone.

It could be that REvil is simply trying out a a new business model of DDoS extortion, although Akanai say it is more likely that the attackers are merely using the name of a notorious cybercriminal group to intimidate their victim  organisation into paying up.

When a threat group changes its techniques, it could be a pivot into a new business model, a result of a dramatic change in its skill set, a schism among the group, or an unaffiliated copycat trying to leverage that group’s hype into easy money from short-sighted and emotionally reactive victims.

When REvil disappeared in July 2021 it followed a major cyber assault in which it encrypted 60 managed service providers and more than 1,500 companies by exploiting a zero-day vulnerability in the Kaseya VSA remote management platform.

REvil is probably the most prolific and dangerous cyber-crime gang ever and they've operated with complete confidence and arrogance. Not only were their attacks indiscriminate, they operated a website they called their "Happy Blog" where they would name and shame victims who didn't pay their ransoms. As with many of the criminal gangs thought to be operating in Russia immune from prosecution, this is unlikely to be the end of the story.

Akamai:     Oodaloop:     Threatpost:    InfosecToday:      OCCRP:   BBC

You Might Also Read: 

Ransomware Gang REvil Is Cancelled:

 

« Zoom Can Expose You To Cyber Attacks
Email Security Threat Report »

Quartz Conference
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Naked Security

Naked Security

Naked Security is a blog where Sophos Security expert Chet Wisniewski shares advice and insights into online threats

DoSarrest Internet Security Ltd

DoSarrest Internet Security Ltd

DOSarrest is a fully managed security firm specializing in cloud based DDoS protection services to a worldwide client base.

Conference-Service.com

Conference-Service.com

Conference-Service.com provides a categorised calendar of conferences and events which includes Information Security.

Prevoty

Prevoty

Prevoty provides a new RASP (runtime application self-protection) capability, enabling applications to protect themselves.

TechVets

TechVets

TechVets is a non-for-profit helping UK veterans and service leavers retrain into Cyber Security and Technology jobs.

6point6

6point6

6point6 is a technology consultancy with strong expertise in digital transformation, emerging technology and cyber security.

Splone

Splone

Splone is a Berlin-based IT security research team and consultancy. We help improve IT-security by offering red team assements, penetration tests, audits and customized consulting.

Avisa Partners

Avisa Partners

Avisa Partners is an economic intelligence, global advocacy and cybersecurity firm.

Experis

Experis

Experis provide IT resourcing, project solutions and managed services. We enable organizations to cultivate individuals and teams prepared for the digital age.

Fifosys

Fifosys

Fifosys is a professional technology infrastructure specialist, delivering a broad portfolio of high quality technical and strategic managed services.

Secure Forensics

Secure Forensics

Secure Forensics can assist in any situation that requires digital forensics or an investigation ranging from complex criminal matters to fraud and file tampering to cyber crime.

Cyberfort Group

Cyberfort Group

Cyberfort exists to provide our clients with the peace-of-mind about the security of their data and the compliance of their business.

Advantex Network Solutions

Advantex Network Solutions

Advantex Network Solutions are a leading provider in Mitel, IT Solutions, Networking, and iP surveillance.

Valency Networks

Valency Networks

Valency Networks provide cutting edge results in the areas of Vulnerability Assessment and Penetration Testing services for webapps, cloud apps, mobile apps and IT networks.

HKR Trainings

HKR Trainings

HKR Trainings provide you the best online classes with high quality facilities at a low price without any compromise on quality. Certifications cover a wide range of areas including cybersecurity.

Ministry of Electronics & Information Technology (MeitY)

Ministry of Electronics & Information Technology (MeitY)

The Ministry of Electronics & Information Technology is an executive agency responsible for IT policy, strategy and development of the electronics industry.