REvil ransomware returns: New malware sample confirms gang is back
2022-05-01 18:06

These new sites contained a mix of new victims and data stolen during previous REvil attacks.

The only way to know for sure whether REvil was back was to find a sample of the ransomware encryptor and analyze it to determine if it was patched or compiled from source code.

A sample of the new ransomware operation's encryptor was finally discovered this week by AVAST researcher Jakub Kroustek and has confirmed the new operation's ties to REvil.

BleepingComputer has been told by multiple security researchers and malware analysts that the discovered REvil sample used by the new operation is compiled from source code and includes new changes.

Security researcher R3MRUM has tweeted that the REvil sample has had its version number changed to 1.0 but is a continuation of the last version, 2.08, released by REvil before they shut down.

Kremez told BleepingComputer that the new REvil sample includes a new configuration field, 'accs,' which contains credentials for the specific victim that the attack is targeting.


News URL

https://www.bleepingcomputer.com/news/security/revil-ransomware-returns-new-malware-sample-confirms-gang-is-back/