Security News
The notorious REvil ransomware gang appears to have returned from the bowels of the dark web, three months after the arrest of 14 of its suspected members, with its old website forwarding to a new operation that lists both previous and fresh victims. Still, not all security researchers remain convinced that REvil is back.
REvil ransomware's servers in the TOR network are back up after months of inactivity and redirect to a new operation that appears to have been running since at least mid-December last year. It is unclear who is behind the new REvil-connected operation, but the new leak site lists a large catalog of victims from past REvil attacks plus two new ones.
LockBit beats REvil and Ryuk in Splunk's ransomware encryption speed test. Splunk researchers put 10 ransomware variants to a speed test to help network defenders improve their security strategies.
Yaroslav Vasinskyi, a Ukrainian national linked to the Russia-based REvil ransomware group, has been extradited to the U.S. to face charges for his role in carrying out the file-encrypting malware attacks against several companies, including Kaseya last July. The 22-year-old had previously been arrested in Poland in October 2021, prompting the U.S. Justice Department to file charges of conspiracy to commit fraud and related activity in connection with computers, damage to protected computers, and conspiracy to commit money laundering.
The U.S. Department of Justice announced that alleged REvil ransomware affiliate Yaroslav Vasinskyi was extradited to the United States last week to stand trial for the Kaseya cyberattack. Vasinskyi is believed to be a REvil ransomware affiliate tasked to breach corporate networks worldwide, steal unencrypted data, and then encrypt all of the devices on the network.
A Ukrainian national alleged to be a member of the REvil ransomware gang has been extradited to the US and charged with multiple criminal offences. According to the unsealed complaint, prosecutors say he co-authored the Sodinokibi ransomware variant, as deployed by the infamous REvil crew.
"Hey webop geeks, you are already dead," a note claiming to be left by the REvil ransomware gang declared, embedded into the attack itself as a string of text in the URL for the extortion demand. In a post that detailed mitigation of a recent attack that hit up to 2.5 Mrps on a single website, Imperva's Nelli Klepfish shared several chest-thumping ransom notes - a screen capture of one is included below - that its targeted customer received before the attack started.
Dark Web forum posts uncovered by Trustwave show that the recent arrests in Russia have triggered major concerns among fellow criminals. It's these arrests that appear to be causing fear among other cybercriminals.
In an unprecedented move, Russia's Federal Security Service, the country's principal security agency, on Friday disclosed that it arrested several members belonging to the notorious REvil ransomware gang and neutralized its operations. One of the most active ransomware crews last year, REvil took responsibility for high-profile attacks against JBS and Kaseya, among a string of several others.
Eight members of the REvil ransomware operation who have been detained by Russian officers are currently facing criminal charges for their illegal activity. On Friday, the Federal Security Service of the Russian Federation, the country's domestic intelligence service, announced raids at the homes of 14 individuals suspected to be part of the REvil ransomware gang.