REvil | Ransomware gang restores from backups and talks about key release error

The telenovela of the REvil digital kidnapping gang's return continues, with another security company having reason to believe that the old operation, which victimized the Brazilian company JBS among many other large targets, is back. Now it was the turn of an alleged spokesperson for the group to speak on a cybercrime-focused forum and explain, in part, what is happening and what the group's current situation is.


According to a report found by Flashpoint cybersecurity researchers, REvil's servers and ransomware-as-a-service systems have been restored from backups originally kept by the criminals. The representative did not mention a possible action by the authorities (which, it was believed, was why the group had originally disappeared), but said that work is slowly being resumed, while contacts with old and new clients are being made as a way to recover the group's trust and reputation.

One specific case is cited by Flashpoint, in which another forum member filed a complaint against REvil over payments due in connection with an unidentified digital hijacking attack. The issue was marked as resolved by the forum's administrators, indicating that the group made the right decision and should continue with its activities, even if new targets or operations are not yet being mentioned directly.


The mystery of the keys

REvil criminal group profile on a forum aimed at cybercrime, where the bad guys returned in a verified way and claim to be resuming their activities (Image: Playback/Flashpoint Intel)

Another issue that indicated a possible action by the authorities was the emergence of a "master" tool, which allowed the release of files encrypted by REvil's ransomware. It was a mistake, according to the gang's representative: one of its members generated a universal key that was sent to a victim who paid the ransom, along with what that victim needed to release its own data specifically.

The appearance of the "master" unlock tool took place days before the total disappearance of the group and also coincided with the tough talk and the intensification of the US government's fight against cybercrime. After the cases involving oil distributor Colonial Pipeline, software companies such as Kaseya, and JBS itself, President Joe Biden said he would treat cases of digital hijacking as terrorism, also raising the issue in talks with Russian leader Vladimir Putin, whom he accuses of harboring digital crooks.

Flashpoint's warning also serves as a point of attention, as the return of a digital kidnapping gang known for devastating attacks is never good news. The trend is for REvil to join other names in the industry in the growing escalation of this type of crime, with security also being a growing concern for companies.

Source: Flashpoint Intel, TechRadar
