As New Clues Emerge, Experts Wonder: Is REvil Back?


Is REvil Back

Change is a part of life, and nothing stays the same for too long, even with hacking groups, which are at their most dangerous when working in complete silence. The notorious REvil ransomware gang, linked to the infamous JBS and Kaseya, has resurfaced three months after the arrest of its members in Russia.

The Russian domestic intelligence service, the FSB, had caught 14 people from the gang. During the arrests, the 14 members were found in possession of 426 million roubles, $600,000, 500,000 euros, computer equipment and 20 luxury cars, and were brought to justice.

REvil Ransomware Gang: The Context

REvil, a ransomware group controlled by the financially motivated cybercriminal threat group Gold Southfield, emerged in 2019 and spread like wildfire after extorting $11 million from the meat processor JBS.

REvil incentivized its affiliates to carry out cyberattacks on its behalf by giving a percentage of the ransom pay-outs to those who handled the infiltration of targeted computers.

In July 2021, hackers working under REvil exploited zero-day vulnerabilities in the Managed Service Provider (MSP) software developed by a company called Kaseya. As is often the case, these vulnerabilities had not been patched and were therefore open for exploitation. The malicious code change was deployed globally, hitting over 30 MSPs worldwide and 1,000 business networks managed by those MSPs.

The hackers rented their ransomware to other cyber criminals so that similar attacks could be carried out against other organizations. Reporting on how sustained ransomware attacks are conducted has revealed that most hacking groups operate on a Ransomware-as-a-Service model, renting out their tooling to other users (who often already have easy access to the victim’s systems, networks and other personal information). The oil pipeline company Colonial Pipeline, operating in the United States, was attacked by REvil as part of such a ransomware service.

In October 2021, a multi-country law enforcement operation seized control of REvil’s main ransomware-related resources and dismantled the darknet campaign that was being conducted on anonymous Tor servers.

But thanks to the U.S.-Russian collaboration, the REvil…

Source…