[TheRecord] REvil ransomware group returns following Kaseya attack

Dark web portals previously operated by the REvil ransomware gang came back to life earlier today, sparking fears that the once-vaunted ransomware gang will soon resume its attacks.

The website, called the Happy Blog, was one of the many servers that REvil members shut down on July 13, earlier this year.

The group took down its web infrastructure following a mass ransomware attack against Kaseya servers during the July 4th US holiday that hit thousands of businesses, an incident that drew veiled threats and the attention of White House officials.

At the time, many suggested the group had disbanded and was preparing to launch a new rebranded ransomware operation in an attempt to throw off US law enforcement investigators and security firms.

But earlier today, almost two months since the shutdowns, the group’s Happy Blog, a website where REvil operators typically listed victims who refused to negotiate or pay ransoms, is back online on the dark web, according to security researchers from Recorded Future and Emsisoft.

At the time of writing, the website is still listing the same victims it listed at the time of its shutdown on July 13.

In addition, REvil’s “payment portal,” where victims are told to go and negotiate with the REvil gang, has also been restored at the same old dark web .onion URL.

At the time of writing, no new REvil samples have been spotted by security researchers, and it remains unclear if REvil operators have also launched new attacks.

The post REvil ransomware group returns following Kaseya attack appeared first on The Record by Recorded Future.
