IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

REvil ransomware gang resurfaces after brief disappearance

Elements of the notorious ransomware group's infrastructure have come back online

The REvil ransomware gang, which has presided over some of the most devastating cyber attacks in recent memory, has resurfaced after traces of the group were wiped from the internet earlier this year.

Only days after spearheading a large-scale attack against Kaseya in July, the cyber crime group disappeared without any clues as to how or why. According to security researchers, REvil’s servers and payment sites were down, while its public spokesperson, who goes by ‘Unknown’ was unresponsive. 

Elements of the group’s infrastructure have been turned online once again, now, just shy of two months later, according to Bloomberg. Researchers with CrowdStrike and others, for example, have spotted that the group’s website called the ‘Happy Blog’ has returned, as well as its portal REvil operators use to negotiate with victims.

Kaseya was the last high-profile entity that REvil had targeted before what has emerged to be a brief hiatus. The group had initially demanded a $70 million ransom for the attack, alongside smaller sums from companies affected further down the supply chain. In total, up to 1,500 organisers were affected as the vulnerable Kaseya VSA platform is used by MSPs. 

Although REvil had vanished only days later, Kaseya mysteriously obtained the master decryptor from an unnamed ‘third party’ a couple of weeks later. This allowed the business, as well as the other organisations affected, to dissociate itself from the ransomware attack and fully restore services.

So far this year the group has previously targeted various organisations including Acer, the Harris Federation of London-based schools, and the Taiwanese firm Quanta Computer, one of the biggest hardware firms in the world.

Related Resource

Defeating ransomware with unified security from WatchGuard

How SMBs can defend against the onslaught of ransomware attacks

Whitepaper title above a red triangle with an exclamation point insideFree download

When REvil vanished without explanation, speculation was rife as to why, with theories ranging from an internal fallout to enforcement action, to a brief break, or holiday.

Eset’s cyber security specialist Jake Moore told IT Pro at the time that the shutdown might possibly be enforcement action, although warned that if it was, this didn’t mean the individuals behind the scenes would be deterred from resurfacing.

“Cyber security specialist with Eset, Jake Moore, has suggested the shutdown could be the result of enforcement action, with the increasing scale and breadth of new and improving police tactics starting to take effect.

“With recent state of the art techniques used to target displacing the money in other operations, it is clear that the police are beginning to turn the tide and fight back on digital crime,” he said.

“Although the detail in such law enforcement tactics still remains unknown to the public, it highlights the police are continuing to grow in their operations and fight from different angles. However, this setback for REvil will unlikely deter them completely, if anything, it may spur them on more.”

Featured Resources

Join the 90% of enterprises accelerating to the cloud

Business transformation through digital modernisation

Free Download

Delivering on demand: Momentum builds toward flexible IT

A modern digital workplace strategy

Free download

Modernise the workforce experience

Actionable insights and an optimised experience for both IT and end users

Free Download

The digital workplace roadmap

A leader's guide to strategy and success

Free Download

Recommended

Darktrace AI’s Antigena helps stop ransomware attack at Dordogne GHT
ransomware

Darktrace AI’s Antigena helps stop ransomware attack at Dordogne GHT

13 Apr 2022
Sabbath hackers are targeting US schools and hospitals
ransomware

Sabbath hackers are targeting US schools and hospitals

29 Nov 2021
Out-of-hours ransomware attacks have a greater impact on revenue
ransomware

Out-of-hours ransomware attacks have a greater impact on revenue

18 Nov 2021
US and Israel join forces to fight ransomware
ransomware

US and Israel join forces to fight ransomware

15 Nov 2021

Most Popular

Universities are fighting a cyber security war on multiple fronts
cyber security

Universities are fighting a cyber security war on multiple fronts

4 Jul 2022
Hackers claim to steal personal data of over a billion people in China
data breaches

Hackers claim to steal personal data of over a billion people in China

4 Jul 2022
Latest LockBit ransomware strain 'strikingly similar' to BlackMatter
ransomware

Latest LockBit ransomware strain 'strikingly similar' to BlackMatter

4 Jul 2022