Security News

REvil hacker behind Kaseya ransomware attack gets 13 years in prison
2024-05-02 14:44

Yaroslav Vasinskyi, a Ukrainian national, was sentenced to 13 years and seven months in prison and ordered to pay $16 million in restitution for his involvement in the REvil ransomware operation. Law enforcement linked the long-term REvil affiliate to the Kaseya supply-chain ransomware attacks, which impacted over 1,500 companies worldwide.

Ukrainian REvil Hacker Sentenced to 13 Years and Ordered to Pay $16 Million
2024-05-02 12:26

A Ukrainian national has been sentenced to more than 13 years in prison and ordered to pay $16 million in restitution for carrying out thousands of ransomware attacks and extorting victims....

REvil ransomware scum sentenced to almost 14 years inside, ordered to pay $16 million
2024-05-02 06:31

U.S., U.K., Australia Sanction Russian REvil Hacker Behind Medibank Breach
2024-01-24 08:55

Governments from Australia, the U.K., and the U.S. have imposed financial sanctions on a Russian national for his alleged role in the 2022 ransomware attack against health insurance provider...

US, UK, Australia sanction REvil hacker behind Medibank data breach
2024-01-23 13:40

The Australian, US, and UK governments have announced sanctions for Aleksandr Gennadievich Ermakov, a Russian national considered responsible for the 2022 Medibank hack and a member of the REvil ransomware group. Medibank is a large health insurance provider in Australia that suffered a ransomware attack in October 2022, causing operational and business disruption.

Australia sanctions REvil hacker behind Medibank data breach
2024-01-23 13:40

The Australian government has announced sanctions for Aleksandr Gennadievich Ermakov, a Russian national considered responsible for the 2022 Medibank hack and a member of the REvil ransomware group. Following a lengthy investigation, the Australian authorities identified Ermakov as the person responsible for the Medibank hack and data theft.

REvil-hit Medibank to pull plug on IT, shore up defenses
2022-12-08 21:35

If safety regulations are written in blood, what are security policies written in? Sweat and cursing? Australian health insurance company Medibank will take all of its IT systems offline and close...

Ransom Cartel linked to notorious REvil ransomware operation
2022-10-18 21:49

Researchers have linked the relatively new Ransom Cartel ransomware operation with the notorious REvil gang based on code similarities in both operations' encryptors. The samples analyzed by Unit 42 show that Ransom Cartel is missing some configuration values, meaning that the authors are either trying to make the malware leaner or that their basis is an earlier version of the REvil malware.

Upstart Ransom Cartel linked to REvil veterans
2022-10-18 11:44

Now Unit 42 says Ransom Cartel shares some similarities with the notorious REvil ransomware-as-a-service gang. The researchers aren't making that leap, but they believe that at one time those cybercriminals behind Ransom Cartel had made contact with their REvil counterparts, maybe as affiliates or in some other position.

Ransom Cartel linked to Colonial Pipeline attacker REvil, says infosec crew
2022-10-18 11:44

Does that mean REvil - which was behind the high-profile attack on Colonial Pipeline last year and essentially went dark just months before Ransom Cartel came to the surface - morphed into the new group and is just continuing with its nefarious ways under a new name? "Based on the fact that the Ransom Cartel operators clearly have access to the original REvil ransomware source code, yet likely do not possess the obfuscation engine used to encrypt strings and hide API calls, we speculate that the operators of Ransom Cartel had a relationship with the REvil group at one point, before starting their own operation," Unit 42 researchers Amer Elsad and Daniel Bunce write in a recent report.