REvil ransomware gang resurfaces after brief disappearance

Elements of the notorious ransomware group's infrastructure have come back online

The REvil ransomware gang, which has presided over some of the most devastating cyber attacks in recent memory, has resurfaced after traces of the group were wiped from the internet earlier this year.

Only days after spearheading a large-scale attack against Kaseya in July, the cyber crime group disappeared without any clues as to how or why. According to security researchers, REvil’s servers and payment sites were down, while its public spokesperson, who goes by ‘Unknown’ was unresponsive. 

Elements of the group’s infrastructure have been turned online once again, now, just shy of two months later, according to Bloomberg. Researchers with CrowdStrike and others, for example, have spotted that the group’s website called the ‘Happy Blog’ has returned, as well as its portal REvil operators use to negotiate with victims.

Kaseya was the last high-profile entity that REvil had targeted before what has emerged to be a brief hiatus. The group had initially demanded a $70 million ransom for the attack, alongside smaller sums from companies affected further down the supply chain. In total, up to 1,500 organisers were affected as the vulnerable Kaseya VSA platform is used by MSPs. 

Although REvil had vanished only days later, Kaseya mysteriously obtained the master decryptor from an unnamed ‘third party’ a couple of weeks later. This allowed the business, as well as the other organisations affected, to dissociate itself from the ransomware attack and fully restore services.

So far this year the group has previously targeted various organisations including Acer, the Harris Federation of London-based schools, and the Taiwanese firm Quanta Computer, one of the biggest hardware firms in the world.

Related Resource

Defeating ransomware with unified security from WatchGuard

How SMBs can defend against the onslaught of ransomware attacks

Whitepaper title above a red triangle with an exclamation point insideFree download

When REvil vanished without explanation, speculation was rife as to why, with theories ranging from an internal fallout to enforcement action, to a brief break, or holiday.

Eset’s cyber security specialist Jake Moore told IT Pro at the time that the shutdown might possibly be enforcement action, although warned that if it was, this didn’t mean the individuals behind the scenes would be deterred from resurfacing.

“Cyber security specialist with Eset, Jake Moore, has suggested the shutdown could be the result of enforcement action, with the increasing scale and breadth of new and improving police tactics starting to take effect.

“With recent state of the art techniques used to target displacing the money in other operations, it is clear that the police are beginning to turn the tide and fight back on digital crime,” he said.

“Although the detail in such law enforcement tactics still remains unknown to the public, it highlights the police are continuing to grow in their operations and fight from different angles. However, this setback for REvil will unlikely deter them completely, if anything, it may spur them on more.”

Featured Resources

The definitive guide to warehouse efficiency

Get your free guide to creating efficiencies in the warehouse

Free download

The total economic impact™ of Datto

Cost savings and business benefits of using Datto Integrated Solutions

Download now

Three-step guide to modern customer experience

Support the critical role CX plays in your business

Free download

Ransomware report

The global state of the channel

Download now

Recommended

Researchers disclose top flaws abused by ransomware gangs
ransomware

Researchers disclose top flaws abused by ransomware gangs

20 Sep 2021
One-in-seven Nasdaq-100 companies ranked as highly susceptible to a ransomware attack
cyber crime

One-in-seven Nasdaq-100 companies ranked as highly susceptible to a ransomware attack

16 Sep 2021
Large US businesses are hackers' ideal ransomware targets
ransomware

Large US businesses are hackers' ideal ransomware targets

7 Sep 2021
Criminals caught trying to recruit insiders to plant ransomware
ransomware

Criminals caught trying to recruit insiders to plant ransomware

20 Aug 2021

Most Popular

What are the pros and cons of AI?
machine learning

What are the pros and cons of AI?

8 Sep 2021
Google takes down map showing homes of 111,000 Guntrader customers
data breaches

Google takes down map showing homes of 111,000 Guntrader customers

2 Sep 2021
Intuit plans end-to-end SMB platform after $12 billion Mailchimp acquisition
mergers and acquisitions

Intuit plans end-to-end SMB platform after $12 billion Mailchimp acquisition

14 Sep 2021