REvil ransomware group is back with a vengeance
Date:
Mon, 02 May 2022 22:00:31 +0000
Description:
The REvil ransomware group has returned under a new name after being shut
down in October of last year.
FULL STORY ======================================================================
The REvil ransomware group is back in operation with new infrastructure and a modified encryptor after supposedly being shut down last year.
Back in October of 2021, the notorious ransomware gang was shut down after a law enforcement operation hijacked its Tor servers . This was then followed
by several of its key members being arrested by Russias FSB .
Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022 . Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey to get the bookazine, worth $10.99/10.99.
As Russias invasion of Ukraine soured relations between it and the US, the US government went ahead and unilaterally shut down the communication channel it had on cybersecurity with Moscow. As a result, the US has also withdrawn itself from the negotiation process regarding REvil.
While it seemed for a bit there that REvil had closed shop for good, the groups old Tor infrastructure recently began operating again . However, instead of showing old websites, its Tor servers redirected visitors to URLs for a new unnamed ransomware operation according to a report from BleepingComputer . A new REvil encryptor
Websites are redirected all the time which is why finding a new sample of REvils ransomware encryptor and analyzing it is the only way to tell whether or not the cybercriminal group has really returned.
Fortunately, malware research director at Avast, Jakub Kroustek recently
found a sample of the encryptor used by the new ransomware group that may or may not be REvil. Its worth noting that other ransomware operations have used REvils encryptor in the past but they all used patched executables as opposed to having direct access to the groups source code.
Multiple security researchers and malware analysts that spoke with BleepingComputer have confirmed that this new sample is compiled from REvils source code though it does include some new changes. In a post on Twitter , security researcher R3MRUM said that although the samples version number is 1.0, it is actually a continuation of REvils last encryptor version (2.08) which was released before the group was shut down. Read More
Ransomware payments hit a new all-time high last year
IT workers believe ransomware is as serious as terrorism
These fake Windows 10 updates will land you with a ransomware infection
Advanced Intel CEO Vitali Kremez was also able to reverse engineer the sample in question and he confirmed to BleepingComputer that it was compiled from source code on April 26 and not patched.
Although REvils original public-facing representative known as Unknown
remains missing, threat intelligence researcher FellowSecurity told the news outlet that one of the ransomware groups original core developers had relaunched the operation under a new name .
At this time, we still dont know what this rebranded version of the REvil ransomware group refers to itself as but now that REvil is back, expect to
see more high-profile attacks on important and valuable targets worldwide. Keep your devices virus free with the best malware removal software
Via BleepingComputer
======================================================================
Link to news story:
https://www.techradar.com/news/revil-ransomware-group-is-back-with-a-vengeance /
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)