
Ransom Cartel linked to notorious REvil ransomware operation
2022-10-18 21:49

Researchers have linked the relatively new Ransom Cartel ransomware operation with the notorious REvil gang based on code similarities in both operations' encryptors.

The samples analyzed by Unit 42 show that Ransom Cartel's encryptor is missing some configuration values present in REvil's, indicating that the authors either stripped them out to make the malware leaner or built on an earlier version of the REvil code that did not yet have them.

There are also similarities in the tactics, techniques, and procedures used by REvil and Ransom Cartel, such as double-extortion attacks, large ransom demands, and a data leak site to pressure victims into paying a ransom.

While there are strong connections between Ransom Cartel and REvil, Ransom Cartel is not the only ransomware gang currently using REvil's code.

The other new operation, BlogXX, used identical ransom notes and called itself 'Sodinokibi,' an alternate name for REvil, on its Tor payment sites.

While irrefutable evidence that BlogXX or Ransom Cartel are rebrands of the REvil operation is yet to be found, it's quite clear that at least some of the original members are behind these new ransomware operations.
