REvil Group Claims Slew of Ransomware Attacks
2021-03-12 21:05

The REvil ransomware threat group is on a cyberattack tear, claiming over the past two weeks to have infected nine organizations across Africa, Europe, Mexico and the U.S. The organizations include two law firms, an insurance company, an architectural firm, a construction company and an agricultural co-op, all located in the U.S.; as well as two large international banks; and a European manufacturer.

The malware, which first surfaced in 2019, has since proliferated to hit an array of victims, including New York-based celebrity law firm Grubman Shire Meiselas & Sacks, Travelex and Brown-Forman Corp.

While researchers can't be 100 percent sure the claims are accurate, "In reviewing several of the documents that the Sodin gang claims are from their new victims, many of them appear to be authentic," said McLeod.

For one of the victims, the manufacturing company, researchers found news reports that the manufacturer had been hit by ransomware and had to stop production for a day or two.

Researchers said one puzzle piece to REvil's recent success with ransomware attacks may be the Gootloader malware loader, which they said is "designed to seed the ransomware."

Researchers said they have seen REvil expanding its extortion tricks, tactics and procedures to now contact victims' business associates and the media, in order to put the maximum amount of pressure on the victim to pay.


News URL

https://threatpost.com/revil-claims-ransomware-attacks/164739/