Let's play everyone's favorite game: REvil? Or Not REvil?
2022-05-27 07:33

Akamai has spoken of a distributed denial-of-service (DDoS) assault against one of its customers during which the attackers astonishingly claimed to be associated with REvil, the notorious ransomware-as-a-service gang.

Earlier this month, Akamai's Security Intelligence Response Team got called in to help clean up a Layer 7 attack on one of the vendor's hospitality customers by a group claiming to be connected to REvil.

As Imperva's threat hunters noted: "It is not clear however whether the threats were really made by the original REvil group or by an imposter."

The Bitcoin wallet in the demand wasn't one known to be used by REvil.

While REvil has used DDoS for triple extortion in the past - pay up to stop the network flooding as well as to keep the encrypted data private - the lack of an intrusion, document encryption, and file theft all lean decidedly toward this not being REvil.

While the Akamai security researchers can't say definitively, Cashdollar seems to imply that it's most likely a case of using REvil-linked scare tactics to extort payment, as opposed to being an actual REvil resurgence.


News URL

https://go.theregister.com/feed/www.theregister.com/2022/05/27/is_revil_trying_out_ddos/