REvil ransomware

It’s nice when ransomware gangs have their bitcoin stolen, malware servers shut down, or are otherwise forced to disband. We hang on to these occasional victories because history tells us that most ransomware moneymaking collectives don’t go away so much as reinvent themselves under a new name, with new rules, targets and weaponry. Indeed, some of the most destructive and costly ransomware groups are now in their third incarnation over as many years.

Reinvention is a basic survival skill in the cybercrime business. Among the oldest tricks in the book is to fake one’s demise or retirement and invent a new identity. A key goal of such subterfuge is to throw investigators off the scent or to temporarily direct their attention elsewhere.

Cybercriminal syndicates also perform similar disappearing acts whenever it suits them. These organizational reboots are an opportunity for ransomware program leaders to set new ground rules for their members — such as which types of victims aren’t allowed (e.g., hospitals, governments, critical infrastructure), or how much of a ransom payment an affiliate should expect for bringing the group access to a new victim network.

Read More Ransomware Gangs and the Name Game Distraction

The infrastructure and leak sites used by the REvil ransomware gang for its operations went offline last night. Starting last night, the infrastructure and the websites used by the REvil ransomware gang were mysteriously unreachable, BleepingComputer first reported. “The REvil ransomware operation, aka Sodinokibi, operates through numerous clear web and dark web sites used as […]

The post The infrastructure and websites used by REvil ransomware gang are not reachable appeared first on Security Affairs.


Resecurity® HUNTER, cyber threat intelligence and R&D unit, identified a strong connection to a cloud hosting and IoT company servicing the domain belonging to cybercriminals. According to the recent research published by ReSecurity on Twitter, starting January 2021 REvil leveraged a new domain ‘decoder[.]re’ in addition to a ransomware page available in the TOR network. […]

The post Researchers uncovered the network infrastructure of REVil – The notorious ransomware group that hit Kaseya appeared first on Security Affairs.


On Tuesday, White House Press Secretary Jen Psaki declared that while the massive REvil ransomware attack on Kaseya VSA servers is not imputed to anyone so far, the Biden administration will take action if the Russian president doesn’t suppress the cyb…

Read More Following the Kaseya Attack, US Says It Will Take Action Against Ransomware Hackers If Russia Won’t

Kaseya confirmed that the REvil supply-chain ransomware attack hit fewer than 60 of its customers and their customers. Software provider Kaseya announced that fewer than 60 of its customers and less than 1,500 businesses have been impacted by the recent supply-chain ransomware attack. Up to 1,500 downstream organizations, which were customers of MSPs using Kaseya VSA management […]

The post Approximatively 1,500 businesses impacted by the ransomware attack that hit Kaseya appeared first on Security Affairs.


CISA and the FBI published guidance for the victims impacted by the REvil supply-chain ransomware attack against Kaseya. CISA and the Federal Bureau of Investigation (FBI) have published guidance for the organizations impacted by the massive REvil supply-chain ransomware attack that hit Kaseya’s cloud-based MSP platform. The US agencies provide instructions to affected MSPs and their customers […]

The post CISA, FBI share guidance for MSPs and their customers impacted in Kaseya attack appeared first on Security Affairs.


REvil ransomware gang hit Spanish telecom giant MasMovil and claims to have stolen sensitive data from the group. MasMovil is one of the largest Spanish telecom operators; last week the group was hit by the REvil ransomware gang that claims to have stolen sensitive data from the company. “We have downloaded databases and other important […]

The post Revil ransomware gang hit Spanish telecom giant MasMovil appeared first on Security Affairs.


REvil ransomware is demanding $70 million for decrypting all systems locked during the Kaseya supply-chain ransomware attack. REvil ransomware is asking $70 million worth of Bitcoin for decrypting all systems impacted in the Kaseya supply-chain ransomware attack. On Friday the REvil ransomware gang hit the Kaseya cloud-based MSP platform impacting MSPs and their customers. The […]

The post REvil ransomware gang demanded $70M for universal decryptor for Kaseya victims appeared first on Security Affairs.


Kaseya was addressing the zero-day vulnerability that REvil ransomware gang exploited to breach on-premise Kaseya VSA servers. A new supply chain attack made the headlines, on Friday the REvil ransomware gang hit the Kaseya cloud-based MSP platform impacting MSPs and their customers. The REvil ransomware operators initially compromised the Kaseya VSA’s infrastructure, then pushed out […]

The post REvil gang exploited a zero-day in the Kaseya supply chain attack appeared first on Security Affairs.


Swedish supermarket chain Coop is the first company to disclose the impact of the recent supply chain ransomware attack that hit Kaseya. The supermarket chain Coop shut down approximately 500 stores as a result of the supply chain ransomware attack that hit the provider Kaseya. The REvil ransomware operators initially compromised the Kaseya VSA’s infrastructure, […]

The post Coop supermarket closes hundreds of stores after Kaseya supply chain ransomware attack appeared first on Security Affairs.


A supply chain attack by REvil ransomware operators against Kaseya VSA impacted multiple managed service providers (MSPs) and their clients. A new supply chain attack made the headlines, this afternoon, the REvil ransomware gang hit the cloud-based MSP platform impacting MSPs and their customers. Kaseya has 40,000 customers, not all use the VSA tool which is […]

The post Kaseya VSA supply-chain ransomware attack hit hundreds of companies appeared first on Security Affairs.


The LV ransomware operators repurposed a REvil binary to create their own strain and launch a ransomware-as-a-service (RaaS). A threat actor known as LV ransomware gang is trying to enter the cybercrime arena, it repurposed a REvil binary almost to create their own strain and launch a ransomware-as-a-service (RaaS). The Sodinokibi/REvil is one of the […]

The post LV ransomware operators repurposed a REvil binary to launch a new RaaS appeared first on Security Affairs.


The REvil ransomware gang made the headlines again, the group hit the US nuclear weapons contractor Sol Oriens and stole the victim’s data. US nuclear weapons contractor Sol Oriens was hit by a cyberattack carried out by the REvil ransomware operators, which claim to have stolen data. Sol Oriens provides consultant services to the National Nuclear […]

The post REvil ransomware gang hit US nuclear weapons contractor Sol Oriens appeared first on Security Affairs.
