REvil Ransomware Group Returns After Short Break

Share post:

The ransomware group REvil has resurfaced after it was reportedly shut down following the widespread attack on Kaseya on July 4 that affected thousands.

U.S. President Joe Biden met personally with Russian President Vladimir Putin after the attack, and analysts attributed the closure of REvil to a meeting between the two world leaders at which Biden pressed Putin about ransomware attacks from Russia.

Still, both U.S. authorities and Russian officials denied any involvement in the July attacks.

Security experts took to social media on Tuesday to explain that the group’s Happy Blog and other sites linked to REvil are now back online, with the latest posting coming from a victim who was attacked on July 8.

Security researchers from Recorded Future and Emsisoft both confirmed that much of the group’s infrastructure had resurfaced.

Most people expected that REvil would return, albeit with a different name and likely a new variant of ransomware.

The closure of REvil in July left many victims in a difficult situation. Mike Hamilton, former CISO of Seattle and now CISO of the ransomware remediation company Critical Insight, told that after the Kaseya attack, a company paid a ransom and received the decryption keys from REvil, which apparently did not work.

REvil attacked about 360 U.S. organizations this year and has made more than $11 million this year with high-profile hacks on Acer, JBS, Quanta computers and more.

For more information, read the original story in ZDNet.

Featured Tech Jobs


Related articles

Cyber Security Today, Week in Review for week ending Friday, March 1, 2024

This episode features a discussion on how hard it is to kill a ransomware gang, Canada's proposed new online harms bill, why organizations still allow staff to use vulnerable software

Healthcare sector “stretched thin” in fight against cyber attacks warns CSO of Health-ISAC

In an interview Errol Weiss talks about the challenges facing hospitals a

Cyber Security Today, March 1, 2024 – Warnings to GitHub users and Ivanti gateway administrators, and more

This episode reports on a recommendation that enterprises drop Ivanti Policy Secure and Connect Secure devices because threat actors can get around mitigations for recent vulne

Lawsuit requires Pegasus spyware to provide code used to spy on WhatsApp users

NSO Group, the developer behind the sophisticated Pegasus spyware, has been ordered by a US court to provide...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways