REvil Ransomware Group Reappears

The REvil ransomware group has reappeared on the dark web after disappearing this summer. The Russian hacking group was behind the JBS SA attack and other cyberattacks this year on companies and organizations. In the case of JBS, the Brazilian meat supplier ended up paying a ransom of US$11mil (RM45.73mil).

How does REvil shame its victims?

The Russian ransomware gang REvil runs a “Happy Blog”, which it uses to shame its victims. The notorious group publishes stolen data samples prior to locking victims out of their own networks. The group then demands a ransom from the target in return for a digital key to restore network access.

According to Adam Meyers, vice president of intelligence at cybersecurity firm CrowdStrike, the portal used by REvil came back online on Sept 7, though the gang has not published any posts. He also mentioned that the site has been restored by the same threat actors who were running the portal before it went offline in June without notice.

Pressure from security agencies had been mounting back in June/July. After taking a short break, the group is back in action, perhaps with new infrastructure and better operational security.

The Biden administration had made clear its intention to take action on ransomware incidents, especially after the attacks on critical infrastructure, including health care providers, manufacturers, and gas pipeline operators. The administration put several task forces in place to root out the scourge, a crackdown that coincided with many cyber gangs going offline.

Jake Williams, Chief Technology Officer at BreachQuest, told Bloomberg, “Typically groups take some summer hiatus so we usually see some slowdown. This year has been no different, with a serious summer lull in financially motivated ransomware activity. I haven’t seen a significant uptick yet, but we’re now entering the window when these attackers come back from holiday and get back to work.”
