REvil Have Returned - Or Have They?

Uploaded on 2022-06-22 in TECHNOLOGY--Hackers, GOVERNMENT-Law Enforcement, FREE TO VIEW

Criminals claiming to be the extinct ransomware group are targeting one of Akamai’s customers with a DDoS attack, demanding an extortion payment in Bitcoin, according to researchers at Akamai

The Russian hacker group REvil (Ransomware Evil), known for conducting attacks on organisations around the world and demanding million-dollar ransoms in exchange for a decryption key, vanished from the Internet in July 2021 after several international law enforcement operations. But now, they could be back.

Researchers at cloud networking provider Akamai.have been monitoring a distributed denial of service (DDoS) campaign against one of their customers where the attackers claim to be associated with the infamous ransomware-as-a-service (RaaS) group, REvil.

Although the new REvil  gang is claiming responsibility for the attack, Akamai thinks it possible the attack is a copycat operation. 

Although the attackers may claim to be REvil, it is unclear whether the defunct ransomware gang is actually responsible. The attack is a much smaller sale than those observed in previous REvil campaigns.In addition, the attack appears to have a political motivation, which at inconsistent with REvil’s previous tactics. During REvil’s active period, the group claimed it was motivated by financial gain alone.

It could be that REvil is simply trying out a a new business model of DDoS extortion, although Akanai say it is more likely that the attackers are merely using the name of a notorious cybercriminal group to intimidate their victim  organisation into paying up.

When a threat group changes its techniques, it could be a pivot into a new business model, a result of a dramatic change in its skill set, a schism among the group, or an unaffiliated copycat trying to leverage that group’s hype into easy money from short-sighted and emotionally reactive victims.

When REvil disappeared in July 2021 it followed a major cyber assault in which it encrypted 60 managed service providers and more than 1,500 companies by exploiting a zero-day vulnerability in the Kaseya VSA remote management platform.

REvil is probably the most prolific and dangerous cyber-crime gang ever and they've operated with complete confidence and arrogance. Not only were their attacks indiscriminate, they operated a website they called their "Happy Blog" where they would name and shame victims who didn't pay their ransoms. As with many of the criminal gangs thought to be operating in Russia immune from prosecution, this is unlikely to be the end of the story.

Akamai:     Oodaloop:     Threatpost:    InfosecToday:      OCCRP:   BBC

You Might Also Read: 

Ransomware Gang REvil Is Cancelled:

 

« Zoom Can Expose You To Cyber Attacks
Email Security Threat Report »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

See how to use next-generation firewalls (NGFWs) and how they boost your security posture.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

CERT.at

CERT.at

CERT.at is the Austrian national Computer Emergency Response Team.

Adroit Technologies

Adroit Technologies

Adroit Technologies has been developing award winning real-time software for the industrial automation markets for over 25 years.

Seceon

Seceon

Seceon OTM, is a cyber security advanced threat management platform that visualizes, detects, and eliminates threats in real time.

Recorded Future

Recorded Future

Recorded Future arms security teams with threat intelligence powered by patented machine learning to lower risk.

Physec

Physec

Physec offers innovative security products and solutions for the Internet of Things ecosystem.

NSHC

NSHC

NSHC is a provider of mobile security solutions, cyber security consulting and training, and offensive research.

SafeTech Informatics & Consulting

SafeTech Informatics & Consulting

Safetech's OTShield detects, prevents and analyses cyber-attacks in SCADA and Industrial IoT systems by utilising state of the art deception techniques.

International College For Security Studies (ICSS)

International College For Security Studies (ICSS)

ICSS India offers technical education to students, clients and partners in IT Industry by our well qualified, certified and experienced trainers.

NACVIEW

NACVIEW

NACVIEW is a Network Access Control solution. It allows to control endpoints and identities that try to access the network - wired and wireless, including VPN connections.

Sure Valley Ventures

Sure Valley Ventures

Sure Valley Ventures is an entrepreneur led venture capital fund focused on helping software entrepreneurs grow and scale businesses that will have a global impact.

ALSCO

ALSCO

ALSCO is dedicated to bringing first class IT services, technical support, and solutions to goverment, companies and organizations worldwide.

Digimune

Digimune

Digimune is an all-encompassing cloud-based cyber risk protection platform that guards you against the dangers of our digital world.

FTI Consulting

FTI Consulting

FTI Consulting is a global business advisory firm dedicated to helping organizations manage change, mitigate risk and resolve disputes.

OneCollab

OneCollab

OneCollab, your unwavering ally in the dynamic landscape of IT services and cybersecurity.

BetterWorld Technology

BetterWorld Technology

BetterWorld Technology provides cloud solutions, managed services, SaaS, cybersecurity and virtual CIO, all customized to meet your needs.

MiDO Technologies

MiDO Technologies

MiDO Technologies has a mission to change the narrative around digital enabling tools on the continent of Africa and prepare African youth.