REvil is back - and wants to rebuild its reputation

Date:
Mon, 13 Sep 2021 10:18:31 +0000

Description:
After a brief hiatus, a new representative claims that the ransomware
operator is back in the game.

FULL STORY ======================================================================

An alleged representative of the notorious REvil ransomware gang has started engaging with members on the Russian-language Exploit cybercrime forum, sharing details about the groups apparent re-emergence.

After being offline for a majority of two months, several of the dark-web servers belonging to REvil came back online recently.

REvil went offline after orchestrating the Kaseya attacks back in July, following which its properties on both the dark-web and normal web went offline . The disappearance led to speculation that the group could have been hit by law enforcement agencies, especially since the emergence of a
universal decryptor key to help all victims unlock their machines. TechRadar needs you!

We're looking at how our readers use VPNs with streaming sites like Netflix
so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

Click here to start the survey in a new window << Weve also compiled a

list of the best ransomware protection tools These are the best malware removal software on the market Check our list of the best firewall apps and services

However, the purported representative now claims the release of the universal key was an accident, which when discovered was forwarded to law enforcement agencies.

One of our coders misclicked and generated a universal key, and issued the universal decryptor key along with a bunch of keys for one machine, wrote REvils new representative in the Russian-post translated by security researchers at Flashpoint. Mending bridges?

Surprisingly though, the representative didnt offer any explanation on the disappearance of the group. However, the post didnt mention that the group
was able to restore their operations from backup, which perhaps means that it was targeted in some kind of an offensive operation by the good guys.

In any case, after being in the dark for several weeks, the group has started to restore its online properties. While the cybersecurity community is still skeptical of the groups return, Flashpoint has seen at least one instance of the group trying to rebuild their reputation with former collaborators, who werent pleased with REvils sudden disappearance.

According to Flashpoint, a threat actor on the forum, opened an arbitration case against the REvil spokesperson for unpaid dues from an earlier
operation, but soon marked it as resolved, which perhaps indicates that REvil has cleared its dues.

If theres merit in REvils efforts to rebuild ties with old affiliates, it would nicely tie into the narrative of security vendor Exabeams chief
security strategist, Steve Moore, who told us last week that the group took the downtime to regroup, and is all set to resume operations, with gusto. Protect your devices with these best antivirus software



======================================================================
Link to news story: https://www.techradar.com/news/revil-is-back-and-wants-to-rebuild-its-reputati on/


--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)