Security News > 2021 > March > REvil Group Claims Slew of Ransomware Attacks
The REvil ransomware threat group is on a cyberattack tear, claiming over the past two weeks to have infected nine organizations across Africa, Europe, Mexico and the U.S. The organizations include two law firms, an insurance company, an architectural firm, a construction company and an agricultural co-op, all located in the U.S.; as well as two large international banks; and a European manufacturer.
The malware, which first surfaced in 2019, has since proliferated to hit an array of victims, including New York-based celebrity law firm Grubman Shire Meiselas & Sacks, Travelex and Brown-Forman Corp.
While researchers can't be 100 percent sure the claims are accurate, "In reviewing several of the documents that the Sodin gang claims are from their new victims, many of them appear to be authentic," said McLeod.
For one of the victims - the manufacturing company - researchers found news reports that the manufacturer had been hit by ransomware and had to stop production for a day or two.
Researchers said one puzzle piece to REvil's recent success with ransomware attacks may be the Gootloader malware loader, which they said is "designed to seed the ransomware."
Researchers said they have seen REvil expanding its extortion tricks, tactics and procedures to now contact victims' business associates and the media, in order to put the maximum amount of pressure on the victim to pay.
News URL
https://threatpost.com/revil-claims-ransomware-attacks/164739/