Exabeam urges caution following REvil ransomware group news

Security researchers have confirmed that REvil ransomware, the cybercrime syndicate, is back online via its Happy Blog and other connected sites.

Cybersecurity company Exabeam is urging businesses to be cautious following the news that the operators behind the REvil ransomware group have resurfaced after closing shop following the widespread attack on Kaseya that caused thousands of victims on July 4.

Security researchers have said all of the dark web sites for the prolific ransomware group, including the payment site, the group's public site, the 'helpdesk' chat and their negotiation portal, went offline on July 13 after the Kaseya attack drew worldwide condemnation and tough threats from US lawmakers.  

The REvil/Sodinokibi variant has been used by countless affiliates to extort money from companies as diverse as now-defunct Travelex, Jack Daniels-maker Brown-Forman and meat processing giant JBS. Last year it claimed to have amassed a fortune of $100m through its efforts.

Exabeam's Chief Security Strategist, Steve Moore, says: "REvil is already very likely a reincarnation of a previous group. After all, adversaries' talent and confidence is stronger after prior successes. I encourage organisations to think about this two-fold. 

"First, they undoubtedly have their next software supply chain compromised. The technique began in espionage and has now been borrowed for criminal activity; this campaign hasn't started yet – but will very soon.

"On the other hand, defenders should focus more on the missed intrusion and poor recovery options and less on ransomware. Ransomware is the product of being unable to detect and disrupt the cycle of compromise – period.  

"Directly, Revil took time to refit, retool, and take a bit of a holiday over the summer.  The fact their sites are back online means they are, again, ready for business and have targets in mind.”


Featured Articles

UK police cyberattack a reminder of third party risk

Cyber criminals use back-door suppliers cyberattack to spread alarm through Britain's biggest police force

Building Cyber Resilience into ‘OT in Manufacturing’ webinar

Join Acronis' webinar, Building Cyber Resilience into ‘OT in Manufacturing’, 21st September 2023

Trustwave report on hospitality industry security threats

Nearly 31% of hospitality organisations have reported a data breach in their company’s history, according to a Trustwave cybersecurity report

Barracuda Managed XDR uses AI to uncover cyber incidents

Technology & AI

Imperva: 32% of work data breaches could have been avoided

Operational Security

Supply chain cyberattacks seen as catastrophic for business

Cyber Security