REvil – As New Clues Emerge, Experts Are Wondering

Hi, I hope you are having a good day! In April 2022, security researchers discovered a new blog post from the REvil group, claiming they had resumed operations. The post also included a list of new victims, including the Indian oil company Oil India and the signage maker Visotec Group.

The return of REvil is a major concern for businesses and organizations worldwide. The group is known for its sophisticated ransomware attacks, which can encrypt all the data on a victim’s computer systems and demand a large ransom payment in exchange for decryption. Read on for the details.

Has REvil Returned?

Change is a part of life; nothing stays the same for long. That holds for hacker groups too, which are most dangerous when they work in complete silence. Take the infamous REvil data-hijacking gang, linked to the notorious JBS and Kaseya attacks: it resurfaced three months after its members were arrested in Russia.

Russia’s national intelligence agency, the FSB, had captured 14 members of the gang. In that arrest, 426 million rubles, 600,000 dollars, 500,000 euros, computer equipment and 20 luxury cars belonging to the 14 members were seized.

REvil Ransomware Gang

The financially motivated cyber threat group Gold Southfield, associated with the ransomware group known as REvil, emerged in 2019 and spread like wildfire after extorting $11 million from meat processor JBS.

REvil encouraged its affiliates to carry out cyberattacks on its behalf by paying them a percentage of the ransom for helping to infiltrate targeted computers.

In July 2021, hackers working under REvil exploited zero-day vulnerabilities in the Managed Service Provider (MSP) software developed by the Kaseya company. As is often the case, these vulnerabilities were not patched and were thus open to abuse. The code change was deployed against over 30 MSPs worldwide and 1,000 corporate networks operated by those MSPs.

The hackers lease their ransomware to other cybercriminals so that similar attacks can take place and disrupt the activities of others. It has been reported that persistent ransomware attacks are carried out in this way, and that most hacking groups use Ransomware as a Service, renting their tooling to other users who often already have easy access to the victim’s systems, networks and additional personal information. The famous Colonial Pipeline, an oil pipeline company operating in the United States, was attacked by REvil as part of a ransomware service.

In October 2021, a multi-country law enforcement operation seized control of critical assets related to the REvil ransomware and dismantled the darknet campaign hosted on anonymous Tor servers.

REvil Is Making a Comeback

Cybersecurity researchers have obtained fresh samples of REvil ransomware. Their findings, based on samples showing exact build dates and build sequences along with several other attributes indicating they were made by the same person or team, strengthen the argument that they identified the original developer of the REvil ransomware, and therefore that the disbanded cybercriminal group known as REvil has returned. The latest ransomware leak site was recently promoted on the Russian RuTOR forum, a website that allegedly sells leaked data to customers.

According to reports, REvil’s Tor sites have come back to life.

At the end of April this year, security researchers noticed malware that had been used in previous years.

The attacks were active again after a long period of silence. Two researchers working on the dark side of cybersecurity recently discovered a dark web blog used to advertise ransomware attacks and entice others to join this dangerous trend. They also received word that the attackers have taken it upon themselves to recruit more hackers.

Ransomware Preview Confirms Return

The latest samples use longer GUID-type values, such as 3c852cc8-b7f1-436e-ba3b-c53b7fc6c0e4, for the SUB and PID options, which track the campaign and partner (affiliate) identities respectively.
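For analysts triaging decoded samples, the GUID-style SUB/PID values are a simple marker of the newer builds. The following is an added example, not code from the article or from any researcher it cites; it assumes the decoded configuration is JSON with lower-case `sub` and `pid` keys (an assumption about the layout) and classifies those values as new-style GUIDs or older short identifiers.

```python
import json
import re

# Format of the GUID-style campaign/partner identifiers noted in the article.
GUID_RE = re.compile(
    r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$",
    re.IGNORECASE,
)


def classify_id(value):
    """Label a SUB/PID value as 'guid' (new-style), 'short' (older numeric
    style), 'other' (unrecognised) or 'missing' (key absent)."""
    if value is None:
        return "missing"
    s = str(value).strip()
    if GUID_RE.match(s):
        return "guid"
    if re.fullmatch(r"\d{1,6}", s):
        return "short"
    return "other"


def triage_config(config_text):
    """Take decoded config JSON text and report how the campaign/partner ids
    look. The 'sub' and 'pid' key names are assumed; adapt to your own
    config extractor if it emits different names."""
    cfg = json.loads(config_text)
    result = {k: classify_id(cfg.get(k)) for k in ("sub", "pid")}
    # Both ids in GUID form is the marker the article describes.
    result["new_style"] = all(result[k] == "guid" for k in ("sub", "pid"))
    return result


# Constructed sample configs (not real extracted data). The first reuses the
# GUID quoted in the article; the second mimics the older short numeric style.
NEW_STYLE = ('{"sub": "3c852cc8-b7f1-436e-ba3b-c53b7fc6c0e4", '
             '"pid": "7e1f0b2a-0d3c-4b61-9c2f-1a2b3c4d5e6f"}')
OLD_STYLE = '{"sub": "1234", "pid": "41"}'

if __name__ == "__main__":
    for label, text in (("new", NEW_STYLE), ("old", OLD_STYLE)):
        print(label, triage_config(text))
```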

Has REvil Returned? – How Can You Fight Back?

REvil is known as a particularly destructive ransomware, and its return means businesses and individuals must be vigilant against possible attacks. However, it is too early to say whether the returning REvil ransomware gang will be as formidable as its predecessor.

But it reappeared shortly after its takedown, which suggests that this is its intention and makes best practices for ransomware protection and web security a must.

When it comes to protecting your website from hackers and criminals, there are several methods you can use, including:

Use an automated web application scanner together with manual penetration testing.

Set up anti-virus and anti-malware programs to run regular security scans.

Implement security training programs – your end users and employees need to know about the ransomware threat and how it starts.

By enforcing the principle of least privilege for app users, you ensure that no one can access parts of your app beyond what their role requires, thereby preventing potential security breaches.

Support your information security department by introducing cyber threat awareness initiatives that teach end users and employees how to recognize the modus operandi of cybercriminals.

Make sure your business is protected against executable files attached to incoming or outgoing emails, so that your web application is not exposed to hackers.

To prevent cyber attackers from accessing your web applications, it is recommended that you set up a Web Application Firewall (WAF) to block access from malicious IP addresses.
