
As New Clues Emerges, Experts Wonder: Is REvil Back?
2022-07-05 02:58

The notorious REvil ransomware gang, linked to the infamous JBS and Kaseya attacks, has resurfaced three months after the arrest of its members in Russia.

REvil, the ransomware group controlled by the financially motivated cybercriminal threat group Gold Southfield, emerged in 2019 and spread like wildfire after extorting $11 million from the meat processor JBS. REvil incentivized its affiliates to carry out cyberattacks on its behalf by giving a percentage of the ransom payouts to those who helped with infiltration activities on targeted computers.

The famous Colonial Pipeline, an oil pipeline company operating in the United States, was attacked by REvil as part of a ransomware service.

Cybersecurity researchers have put forward samples of REvil ransomware.

Their findings are based on samples that all showed identical creation dates and compilation strings, along with several other shared attributes, which suggests the same person or team probably built them. This strengthens their argument that they have identified the original REvil ransomware developer, and leads them to conclude that the self-exiled cybercriminal group known as REvil has returned.

REvil is known for being particularly destructive ransomware, and its return means that businesses and individuals need to be on high alert for possible attacks.


News URL

https://thehackernews.com/2022/07/as-new-clues-emerges-experts-wonder-is.html