[TheRecord] REvil ransomware group returns following Kaseya attack

Dark web portals previously operated by the REvil ransomware gang have come back to life earlier today, sparking fears that the once-vaunted ransomware gang will soon resume its attacks.

The website, called the Happy Blog, was one of the many servers that REvil members shut down on July 13, earlier this year.

The group took down its web infrastructure following a mass ransomware attack against Kaseya servers during the July 4th US holiday that hit thousands of businesses, an incident that drew veiled threats and the attention of White House officials.

At the time, many suggested the group had disbanded and was preparing to launch a new rebranded ransomware operation in an attempt to throw off US law enforcement investigators and security firms.

But earlier today, almost two months since the shutdowns, the group’s Happy Blog, a website where REvil operators typically listed victims who refused to negotiate or pay ransoms, is back online on the dark web, according to security researchers from Recorded Future and Emsisoft.

Image: The Record

At the time of writing, the website is still listing the same victims it listed at the time of its shutdown on July 13.

In addition, REvil’s “payment portal,” where victims are told to go and negotiate with the REvil gang, has also been restored at the same old dark web .onion URL.

At the time of writing, no new REvil samples have been spotted by security researchers, and it remains unclear if REvil operators have also launched new attacks.

The post REvil ransomware group returns following Kaseya attack appeared first on The Record by Recorded Future.
