Exabeam urges caution following REvil ransomware group news

By BizClik Admin
Security researchers have confirmed that REvil ransomware, the cybercrime syndicate, is back online via its Happy Blog and other connected sites.

Cybersecurity company Exabeam is urging businesses to be cautious following the news that the operators behind the REvil ransomware group have resurfaced, having closed shop after the widespread July 4 attack on Kaseya that claimed thousands of victims.

Security researchers have said all of the dark web sites for the prolific ransomware group, including the payment site, the group's public site, the 'helpdesk' chat and their negotiation portal, went offline on July 13 after the Kaseya attack drew worldwide condemnation and tough threats from US lawmakers.  

The REvil/Sodinokibi variant has been used by countless affiliates to extort money from companies as diverse as now-defunct Travelex, Jack Daniel's maker Brown-Forman and meat processing giant JBS. Last year it claimed to have amassed a fortune of $100m through its efforts.

Exabeam's Chief Security Strategist, Steve Moore, says: "REvil is already very likely a reincarnation of a previous group. After all, adversaries' talent and confidence is stronger after prior successes. I encourage organisations to think about this two-fold. 

"First, they undoubtedly have their next software supply chain compromised. The technique began in espionage and has now been borrowed for criminal activity; this campaign hasn't started yet – but will very soon.

"On the other hand, defenders should focus more on the missed intrusion and poor recovery options and less on ransomware. Ransomware is the product of being unable to detect and disrupt the cycle of compromise – period.  

"Directly, REvil took time to refit, retool, and take a bit of a holiday over the summer. The fact their sites are back online means they are, again, ready for business and have targets in mind."
