Suspected REvil Gang Insider Identified

2021-10-28 20:04

According to a joint investigation by the German media outlet Zeit Online and the German public broadcaster Bayerischer Rundfunk, investigators from Germany's Baden-Württemberg State Criminal Police Office are convinced that Nikolay K. is part of the core group that operate the ransomware-as-a-service player REvil, aka Sodinokibi.

According to Reuters, which broke the news about last week's law enforcement move against the gang, REvil's also behind the Colonial Pipeline attack, as opposed to a culprit presumed to be a ransomware group named DarkSide.

Still and all, the German Federal Office for Information Security classifies REvil as "One of the most dangerous programs in the field," according to Zeit Online.

Its report cites multiple nasty attacks carried out by the gang In Germany, including a 2019 attack against a Germany IT company that serves doctors' offices and hospitals that forced several clinics offline and into emergency operations.

REvil's also behind a 2019 attack on a Stuttgart theater in which a reportedly earlier version of REvil - Gandcrab, which shuttered operations in 2019 - was used.

Good luck with this one, LKA: REvil may have slipped up multiple times - and been caught at it - recently but if Nikolay K, is really part of the brains of the REvil operation, he presumably smart enough not to step outside of Russia's border anytime soon.

News URL

https://threatpost.com/revil-ransomware-core-member/175863/